02-01-2021
01:13 PM
1 Kudo
@JorgeO

Looking at your nifi-user.log output, we see the caused by line as:

Caused by: org.springframework.dao.IncorrectResultSizeDataAccessException: Incorrect result size: expected 1, actual 2

This means that your LDAP/AD returned two results instead of only one. NiFi then has no idea which of those returns is the correct one it should be using. So this is either an issue within your LDAP/AD or an issue within your current login-identity-providers.xml filters. But your last shared file looks fine to me.

I would suggest using the ldapsearch command to run an ldap query outside of NiFi to see what returns you get for your admin user (cn=<admin user>).

Hope this helps,
Matt
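The ldapsearch check suggested in the reply above, as an added example that is not part of the original post: it counts how many entries match the `cn` filter and lists the DNs when the match is ambiguous. The host, bind DN, base DN and the sample LDIF are constructed placeholders.

```shell
# Constructed sample: LDIF as ldapsearch -LLL would print it when two
# entries match the same filter. All DNs are made up.
sample_ldif() {
cat <<'EOF'
dn: cn=nifiadmin,ou=Users,dc=example,dc=com
cn: nifiadmin

dn: cn=nifiadmin,ou=Service Accounts,dc=example,dc=com
cn: nifiadmin
EOF
}

# The real query (defined but not run here; every value is a placeholder).
# -LLL prints plain LDIF, -s sub searches the whole subtree below -b,
# -W prompts for the bind password, "dn" returns only the entry names.
run_search() {  # $1 = login name
  ldapsearch -LLL -H ldaps://ldap.example.com:636 \
    -D "cn=binduser,dc=example,dc=com" -W \
    -b "dc=example,dc=com" -s sub "(cn=$1)" dn
}

# Count entries in LDIF read from stdin: each entry starts with "dn:"
# ("dn::" when the DN is base64-encoded). grep -c exits 1 on zero matches.
count_entries() {
  grep -c '^dn:' || true
}

# Return 0 only when exactly one entry matched, which is what NiFi expects.
check_unique() {
  ldif=$(cat)
  n=$(printf '%s\n' "$ldif" | count_entries)
  case "$n" in
    1) echo "OK: one entry"; return 0 ;;
    0) echo "No entry matched; check search base and filter"; return 1 ;;
    *) echo "Ambiguous: $n entries match"
       printf '%s\n' "$ldif" | grep '^dn:'
       return 1 ;;
  esac
}

# Offline demo on the constructed sample; against a live directory use:
#   run_search nifiadmin | check_unique
sample_ldif | check_unique || true
```

Two DNs in the output means the search base or filter has to be narrowed, or the duplicate entry removed, before the login lookup can resolve to a single user.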
01-26-2021
06:16 AM
@SAMSAL

The NiFi login-identity-providers.xml is not used to sync users from ldap. Configuring this will not result in any user being added into the list of users within NiFi's UI.

This "ldap-provider" is a login provider which, when configured, provides an additional user authentication method for accessing NiFi's UI. Configuring the ldap-provider does not disable TLS based authentication. It simply changes the TLS handshake from a "require" client certificate to a "want" client certificate request from NiFi. If the client does not present a client certificate during the TLS handshake, NiFi redirects to the login UI where users can enter their ldap/AD username and password to authenticate themselves to NiFi.

Users and groups can be synced from ldap, but that is done within the NiFi authorizers.xml file using the ldap-user-group-provider.

I also noticed from your ldap-provider login that you are using "SIMPLE" Authentication Strategy, which means that none of the TLS properties are used, so no need to set them.

Hope this helps,
Matt