01-04-2021 01:19 AM
Hi @Shelton

Steps followed when integrating NiFi with LDAP:

Step 1: Generated SSL certificates using the TLS toolkit

```
$ ./bin/tls-toolkit.sh standalone -n "ambari.server" -C 'CN=admin,OU=NIFI' -o admin
```

Generated files using the above command:

```
[root@ambari nifi-toolkit]# tree admin/
admin/
├── ambari.server
│   ├── keystore.jks
│   ├── nifi.properties
│   └── truststore.jks
├── CN=admin_OU=NIFI.p12
├── CN=admin_OU=NIFI.password
├── nifi-cert.pem
└── nifi-key.key
```

Step 2: Did NiFi SSL setup using Apache Ambari UI

2.1) Copied keystore.jks, nifi.properties & truststore.jks into the NiFi conf directory

2.2) Configured Apache NiFi SSL setup https://drive.google.com/file/d/1DJUZE7cWseQkWl_En0_Rh_VSI39y3FiY/view?usp=sharing

2.3) Imported the CN=admin_OU=NIFI.p12 certificate in the browser for Initial Admin Login

2.4) Logged in with Initial Admin Identity via certificates. Also created users and gave them view & modify privileges in NiFi as mentioned in https://pierrevillard.com/2017/01/24/integration-of-nifi-with-ldap/comment-page-1/

Step 3: Did NiFi LDAP configuration

LDAP configuration:

```xml
<provider>
    <identifier>ldap-provider</identifier>
    <class>org.apache.nifi.ldap.LdapProvider</class>
    <property name="Authentication Strategy">SIMPLE</property>
    <property name="Manager DN">cn=admin,dc=example,dc=org</property>
    <property name="Manager Password">admin</property>
    <property name="Referral Strategy">IGNORE</property>
    <property name="Connect Timeout">10 secs</property>
    <property name="Read Timeout">10 secs</property>
    <property name="Url">ldap://ldap_ip_address:389</property>
    <property name="User Search Base">dc=example,dc=org</property>
    <property name="User Search Filter">cn={0}</property>
    <property name="Authentication Expiration">12 hours</property>
</provider>
```

Just wondering is this host existing ?? >> Yes, LDAP and the associated LDIF host exist and were tested with ldapsearch

```
[root@ambari nifi-toolkit]# ldapsearch -x -b "dc=example,dc=org" -h ldap_ip_address -p 389 -D "cn=admin,dc=example,dc=org" -W
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <dc=example,dc=org> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# example.org
dn: dc=example,dc=org
objectClass: top
objectClass: dcObject
objectClass: organization
o: Example Inc.
dc: example

# admin, example.org
dn: cn=admin,dc=example,dc=org
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword:: e1NTSEF9TWpBN21xQ3VVdURYQ1k1cVpRd0x0NjE0NE9HcnVEQm0=

# search result
search: 2
result: 0 Success

# numResponses: 3
# numEntries: 2
```

After following the above steps, when I try to log in with LDAP users, I am unable to log in to the NiFi UI.

Can you suggest where things are going wrong?
01-01-2021 05:21 AM
Hello All,

I have generated certificates for the Initial Admin Identity using the TLS toolkit and secured my standalone NiFi node. I am able to log in with the Initial Admin Identity via client certificates. I have also created my LDAP users in NiFi and given them permissions to view and modify the NiFi UI using the Initial Admin Identity user. But when I try to log in with my LDAP users, I am unable to log in to the NiFi UI.

LDAP configuration:

```xml
<provider>
    <identifier>ldap-provider</identifier>
    <class>org.apache.nifi.ldap.LdapProvider</class>
    <property name="Authentication Strategy">SIMPLE</property>
    <property name="Manager DN">cn=admin,dc=example,dc=org</property>
    <property name="Manager Password">admin</property>
    <property name="Referral Strategy">IGNORE</property>
    <property name="Connect Timeout">10 secs</property>
    <property name="Read Timeout">10 secs</property>
    <property name="Url">ldap://ldap_hostname:389</property>
    <property name="User Search Base">dc=example,dc=org</property>
    <property name="User Search Filter">cn={0}</property>
    <property name="Authentication Expiration">12 hours</property>
</provider>
```

There is no information present in the NiFi app and user logs related to the login issue.

Can someone suggest where things are going wrong and why I am unable to log in to the NiFi UI? How can we successfully log in to NiFi with LDAP as the authentication provider?
Labels: Apache Ambari, Apache NiFi
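An added example, not part of the original posts and not NiFi's own code: a small Python check over the two files an LDAP login setup depends on, `login-identity-providers.xml` and `nifi.properties`. The provider XML mirrors the block posted above; the `nifi.properties` line is a constructed sample, since that file's contents are not shown in the posts, and the finding codes are hypothetical labels.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the provider block from the posts, inside the
# <loginIdentityProviders> root used by login-identity-providers.xml.
SAMPLE_PROVIDERS = """<loginIdentityProviders><provider>
<identifier>ldap-provider</identifier>
<class>org.apache.nifi.ldap.LdapProvider</class>
<property name="Authentication Strategy">SIMPLE</property>
<property name="Url">ldap://ldap_hostname:389</property>
<property name="User Search Base">dc=example,dc=org</property>
<property name="User Search Filter">cn={0}</property>
</provider></loginIdentityProviders>"""

# Constructed nifi.properties excerpt (assumption: not shown on the page).
SAMPLE_NIFI_PROPERTIES = "nifi.security.user.login.identity.provider=\n"

def parse_properties(text):
    """Parse key=value lines, skipping blanks and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def audit(providers_xml, nifi_properties):
    """Return a list of finding codes for the LDAP login provider."""
    root = ET.fromstring(providers_xml)
    ldap = None
    for provider in root.iter("provider"):
        if (provider.findtext("class") or "").strip() == "org.apache.nifi.ldap.LdapProvider":
            ldap = {p.get("name"): (p.text or "").strip() for p in provider.iter("property")}
            ldap["identifier"] = (provider.findtext("identifier") or "").strip()
    if ldap is None:
        return ["no-ldap-provider"]
    findings = []
    selected = parse_properties(nifi_properties).get(
        "nifi.security.user.login.identity.provider", "")
    if selected != ldap["identifier"]:
        findings.append("provider-not-selected")  # no username/password login is active
    if (ldap.get("Authentication Strategy") == "SIMPLE"
            and ldap.get("Url", "").lower().startswith("ldap://")):
        findings.append("cleartext-bind")  # bind DN and passwords cross the wire unencrypted
    if "{0}" not in ldap.get("User Search Filter", ""):
        findings.append("filter-missing-placeholder")  # {0} is replaced by the login name
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_PROVIDERS, SAMPLE_NIFI_PROPERTIES))
```

To run it against a real node, read the two files from the NiFi conf directory and pass their text to `audit`.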