Member since
07-29-2025
2
Posts
0
Kudos Received
0
Solutions
08-22-2025
09:38 AM
Thanks a lot for your suggestions. I can log in as an administrator.When the second user logs in, the message “Unable to view the user interface. Contact the system administrator.” this displays a warning message on the screen. How can I grant permissions from the users tab? The user is not coming the users tab. login-identity-providers.xml <loginIdentityProviders> <provider> <identifier>ldap-provider</identifier> <class>org.apache.nifi.ldap.LdapProvider</class> <property name="Authentication Strategy">SIMPLE</property> <property name="Manager DN">LDAP_USER</property> <property name="Manager Password">Password1</property> <property name="TLS - Keystore">home/nifi/nifi/nifi-2.4.0/conf/gbkeystore.jks</property> <property name="TLS - Keystore Password">Password</property> <property name="TLS - Keystore Type">jks</property> <property name="TLS - Truststore">home/nifi/nifi/nifi-2.4.0/conf/gbkeystore.jks</property> <property name="TLS - Truststore Password">Password</property> <property name="TLS - Truststore Type">jks</property> <property name="TLS - Client Auth"></property> <property name="TLS - Protocol">TLSv1.2</property> <property name="TLS - Shutdown Gracefully"></property> <property name="Referral Strategy">FOLLOW</property> <property name="Connect Timeout">10 secs</property> <property name="Read Timeout">10 secs</property> <property name="Url">ldap://ldap.entp:389</property> <property name="User Search Base">OU=CUsers,OU=Company,DC=company,DC=entp</property> <property name="User Search Filter">sAMAccountName={0}</property> <property name="Identity Strategy">USE_DN</property> <property name="Authentication Expiration">12 hours</property> </provider> </loginIdentityProviders> authorizers.xml <authorizers> <userGroupProvider> <identifier>file-user-group-provider</identifier> <class>org.apache.nifi.authorization.FileUserGroupProvider</class> <property name="Users File">./conf/users.xml</property> <property name="Initial User Identity 1">CN=NIFIUSER,OU=Userpro,OU=CUsers,OU=Company,DC=company,DC=entp</property> </userGroupProvider> <userGroupProvider> <identifier>composite-configurable-user-group-provider</identifier> <class>org.apache.nifi.authorization.CompositeConfigurableUserGroupProvider</class> <property name="Configurable User Group Provider">file-user-group-provider</property> <property name="User Group Provider 1"></property> </userGroupProvider> <accessPolicyProvider> <identifier>file-access-policy-provider</identifier> <class>org.apache.nifi.authorization.FileAccessPolicyProvider</class> <property name="User Group Provider">file-user-group-provider</property> <property name="Authorizations File">./conf/authorizations.xml</property> <property name="Initial Admin Identity">CN=NIFIUSER,OU=Userpro,OU=CUsers,OU=Company,DC=company,DC=entp</property> <property name="Node Identity 1"></property> <property name="Node Group"></property> </accessPolicyProvider> <authorizer> <identifier>managed-authorizer</identifier> <class>org.apache.nifi.authorization.StandardManagedAuthorizer</class> <property name="Access Policy Provider">file-access-policy-provider</property> </authorizer> </authorizers>
... View more
07-29-2025
11:11 AM
Hello, I installed NiFI 2.4.0. I added LDAP accounts and made the necessary settings for users to log in. However, users receive an “Insufficient Permissions” error after the login step. I granted permissions to users from the policy tab on the UI screen. What other settings do I need to make? Here are the configs I have setup for my authorizers.xml: <userGroupProvider> <identifier>file-user-group-provider</identifier> <class>org.apache.nifi.authorization.FileUserGroupProvider</class> <property name="Users File">./conf/users.xml</property> </userGroupProvider> <userGroupProvider> <identifier>ldap-user-group-provider</identifier> <class>org.apache.nifi.ldap.tenants.LdapUserGroupProvider</class> <property name="Authentication Strategy">SIMPLE</property> <property name="Manager DN">LDAP_USER</property> <property name="Manager Password">Password1</property> <property name="TLS - Keystore">/home/nifi/nifi/nifi-2.4.0/conf/srt.pfx</property> <property name="TLS - Keystore Password">Password</property> <property name="TLS - Keystore Type">JKS</property> <property name="TLS - Truststore">/home/nifi/nifi/nifi-2.4.0/conf/gbkeystore.jks</property> <property name="TLS - Truststore Password">Password</property> <property name="TLS - Truststore Type">JKS</property> <property name="TLS - Client Auth"></property> <property name="TLS - Protocol">TLSv1.2</property> <property name="TLS - Shutdown Gracefully"></property> <property name="Referral Strategy">FOLLOW</property> <property name="Connect Timeout">10 secs</property> <property name="Read Timeout">10 secs</property> <property name="Url">ldap://ldap.entp:389</property> <property name="Page Size"></property> <property name="Sync Interval">30 mins</property> <property name="Group Membership - Enforce Case Sensitivity">false</property> <property name="User Search Base">OU=CompanyUsers,OU=Company,DC=company,DC=entp</property> <property name="User Object Class">person</property> <property name="User Search Scope">ONE_LEVEL</property> <property name="User Search Filter">(sAMAccountName={0})</property> <property name="User Identity Attribute"></property> <property name="User Group Name Attribute"></property> <property name="User Group Name Attribute - Referenced Group Attribute"></property> <property name="Identity Strategy">USE_USERNAME</property> <property name="Group Search Base"></property> <property name="Group Object Class">group</property> <property name="Group Search Scope">ONE_LEVEL</property> <property name="Group Search Filter"></property> <property name="Group Name Attribute">cn</property> <property name="Group Member Attribute">member</property> <property name="Group Member Attribute - Referenced User Attribute"></property> </userGroupProvider> <accessPolicyProvider> <identifier>file-access-policy-provider</identifier> <class>org.apache.nifi.authorization.FileAccessPolicyProvider</class> <property name="User Group Provider">file-user-group-provider</property> <property name="Authorizations File">./conf/authorizations.xml</property> <property name="Initial Admin Identity">CN=NAME SURNAME,OU=CompanyUsers,OU=Company,DC=company,DC=entp</property> <property name="Node Identity 1"></property> <property name="Node Group"></property> </accessPolicyProvider> <authorizer> <identifier>managed-authorizer</identifier> <class>org.apache.nifi.authorization.StandardManagedAuthorizer</class> <property name="Access Policy Provider">file-access-policy-provider</property> </authorizer> Here is my login-identity-providers.xml ; <loginIdentityProviders> <provider> <identifier>ldap-provider</identifier> <class>org.apache.nifi.ldap.LdapProvider</class> <property name="Authentication Strategy">SIMPLE</property> <property name="Manager DN">LDAP_USER</property> <property name="Manager Password">Password1</property> <property name="TLS - Keystore">home/nifi/nifi/nifi-2.4.0/conf/gbkeystore.jks</property> <property name="TLS - Keystore Password">Password</property> <property name="TLS - Keystore Type">jks</property> <property name="TLS - Truststore">home/nifi/nifi/nifi-2.4.0/conf/gbkeystore.jks</property> <property name="TLS - Truststore Password">Password</property> <property name="TLS - Truststore Type">jks</property> <property name="TLS - Client Auth"></property> <property name="TLS - Protocol">TLSv1.2</property> <property name="TLS - Shutdown Gracefully"></property> <property name="Referral Strategy">FOLLOW</property> <property name="Connect Timeout">10 secs</property> <property name="Read Timeout">10 secs</property> <property name="Url">ldap://ldap.entp:389</property> <property name="User Search Base">OU=CompanyUsers,DC=company,DC=entp</property> <property name="User Search Filter">(sAMAccountName={0})</property> <property name="Identity Strategy">USE_DN</property> <property name="Authentication Expiration">12 hours</property> </provider> </loginIdentityProviders>
... View more
Labels:
- Labels:
-
Apache NiFi