Thanks MattWho, Yeah We figure out that the causing of issue the special character.  Thank you Very Much ... View more

@ajignacio  In the stack trace yoou'll see below: Caused by: org.apache.lucene.store.AlreadyClosedException: Underlying file changed by an external force   This indicates that something external to your NiFi is changing the provenance files.  When we see this it is most commonly the result of some virus software scanning the NiFi repositories and during that modifying the the files.    You should make sure that any external service exclude the NiFi repositories from scanning and modification. If you found that the provided solution(s) assisted you with your query, please take a moment to login and click Accept as Solution below each response that helped. Thank you, Matt ... View more

@ajignacio  User and group identity strings much match identically. Your ldap-user-group-provider is syncing users and groups by the identity string found in the CN AD attribute.  This is why you are seeing only the CN username and CN groupname strings in the users UI within NiFi. However, when you are logging in to NiFi to authenticate you user via the ldap-provider, the resulting user identity sting is the users full AD Distinguished Name (DN).  NiFi treats different strings as different users. The  ldap-provider can be changed to use the user identity string typed in the username field instead of using the full DN.  This is done by changing the following property: <property name="Identity Strategy">USE_DN</property> change it to : <property name="Identity Strategy">USE_USERNAME</property> Upon successful authentication the resulting user identity is evaluated against any identity mapping patterns that may be configured in the nifi.properties file.  The resulting mapped value is then passed to the configured authorizer (managed-authorizer in your setup).  There the authorizers is looking up that user identity string (case sensitive) against the user strings synced by your configured users group providers.  If an exact match is found both the user string and the now learned group string(s) are checked against the configured NiFi policies to determine authorization. If you found that the provided solution(s) assisted you with your query, please take a moment to login and click Accept as Solution below each response that helped.   Thank you, Matt     ... View more

Thanks André. Our Application is running as http not https. See the result below.   [nifi1 ~]$ openssl s_client -connect ldap.dev.abcde:389 CONNECTED(00000003) write:errno=104 --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 0 bytes and written 289 bytes --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session:     Protocol  : TLSv1.2     Cipher    : 0000     Session-ID:     Session-ID-ctx:     Master-Key:     Key-Arg   : None     Krb5 Principal: None     PSK identity: None     PSK identity hint: None     Start Time: 1662113057     Timeout   : 300 (sec)     Verify return code: 0 (ok) --- Please advise if there something we need to install/configure in our application   Thanks, Alvin ... View more

Thank you Matt sorry for the super delay response but it's very helpful ... View more