Cloudera Community
STK
user rank
New Contributor

Re: Apache NIFI Integration with LDAP Issue

by New Contributor in Support Questions
β€Ž02-24-2022 07:49 AM
β€Ž02-24-2022 07:49 AM
Great .. This works πŸ•ΊThank you @araujo    ... View more

Apache NIFI Integration with LDAP Issue

by New Contributor in Support Questions
β€Ž02-23-2022 07:21 PM
β€Ž02-23-2022 07:21 PM
HI,    I am having an issue in LDAP integration with NIFI version 1.15.3. I can able to login the admin screen, i added policy for "modify component". but when i drag and drop the process or process group into the screen. it appear in read only ( with doted line). in the log it is saying "Unable to find access policy for write on /process-groups/2740a80a-017f-1000-a4b3-70d6580cdb38. Returning Not Found response"     My configuration below login-identity-providers.xml     <provider> <identifier>ldap-provider</identifier> <class>org.apache.nifi.ldap.LdapProvider</class> <property name="Authentication Strategy">SIMPLE</property> <property name="Manager DN">cn=admin,dc=ae,dc=test,dc=com</property> <property name="Manager Password">a@psswd</property> <property name="TLS - Keystore"></property> <property name="TLS - Keystore Password"></property> <property name="TLS - Keystore Type"></property> <property name="TLS - Truststore"></property> <property name="TLS - Truststore Password"></property> <property name="TLS - Truststore Type"></property> <property name="TLS - Client Auth"></property> <property name="TLS - Protocol"></property> <property name="TLS - Shutdown Gracefully"></property> <property name="Referral Strategy">FOLLOW</property> <property name="Connect Timeout">10 secs</property> <property name="Read Timeout">10 secs</property> <property name="Url">ldap://ldapurl.com:389</property> <property name="User Search Base">dc=ae,dc=tt,dc=com</property> <property name="User Search Filter">uid={0}</property> <property name="Identity Strategy">USE_DN</property> <property name="Authentication Expiration">12 hours</property> </provider>     authorizers.xml   <userGroupProvider> <identifier>file-user-group-provider</identifier> <class>org.apache.nifi.authorization.FileUserGroupProvider</class> <property name="Users File">./conf/users.xml</property> <property name="Legacy Authorized Users File"></property> <property name="Initial User Identity 1"></property> </userGroupProvider> <userGroupProvider> <identifier>ldap-user-group-provider</identifier> <class>org.apache.nifi.ldap.tenants.LdapUserGroupProvider</class> <property name="Authentication Strategy">SIMPLE</property> <property name="Manager DN">cn=admin,dc=ae,dc=test,dc=com</property> <property name="Manager Password">passwd</property> <property name="TLS - Keystore"></property> <property name="TLS - Keystore Password"></property> <property name="TLS - Keystore Type"></property> <property name="TLS - Truststore"></property> <property name="TLS - Truststore Password"></property> <property name="TLS - Truststore Type"></property> <property name="TLS - Client Auth"></property> <property name="TLS - Protocol"></property> <property name="TLS - Shutdown Gracefully"></property> <property name="Referral Strategy">FOLLOW</property> <property name="Connect Timeout">10 secs</property> <property name="Read Timeout">10 secs</property> <property name="Url">ldap://ldapurl.com:389</property> <property name="Page Size"></property> <property name="Sync Interval">30 mins</property> <property name="Group Membership - Enforce Case Sensitivity">false</property> <property name="User Search Base">ou=users,dc=ae,dc=test,dc=com</property> <property name="User Object Class">person</property> <property name="User Search Scope">ONE_LEVEL</property> <property name="User Search Filter">(uid=*)</property> <property name="User Identity Attribute">cn</property> <property name="User Group Name Attribute"></property> <property name="User Group Name Attribute - Referenced Group Attribute"></property> <property name="Group Search Base"></property> <property name="Group Object Class">posixGroup</property> <property name="Group Search Scope">ONE_LEVEL</property> <property name="Group Search Filter"></property> <property name="Group Name Attribute"></property> <property name="Group Member Attribute"></property> <property name="Group Member Attribute - Referenced User Attribute"></property> </userGroupProvider> <userGroupProvider> <identifier>composite-configurable-user-group-provider</identifier> <class>org.apache.nifi.authorization.CompositeConfigurableUserGroupProvider</class> <property name="Configurable User Group Provider">file-user-group-provider</property> <property name="User Group Provider 1">ldap-user-group-provider</property> </userGroupProvider> <accessPolicyProvider> <identifier>file-access-policy-provider</identifier> <class>org.apache.nifi.authorization.FileAccessPolicyProvider</class> <property name="User Group Provider">composite-configurable-user-group-provider</property> <property name="Authorizations File">./conf/authorizations.xml</property> <property name="Initial Admin Identity">admin</property> <property name="Legacy Authorized Users File"></property> <property name="Node Identity 1"></property> <property name="Node Group"></property> </accessPolicyProvider> <authorizer> <identifier>managed-authorizer</identifier> <class>org.apache.nifi.authorization.StandardManagedAuthorizer</class> <property name="Access Policy Provider">file-access-policy-provider</property> </authorizer>     nifi.properties   # cluster node properties (only configure for cluster nodes) # nifi.cluster.is.node=false nifi.cluster.node.address= nifi.cluster.node.protocol.port= nifi.cluster.node.protocol.max.threads=50 nifi.cluster.node.event.history.size=25 nifi.cluster.node.connection.timeout=5 sec nifi.cluster.node.read.timeout=5 sec nifi.cluster.node.max.concurrent.requests=100 nifi.cluster.firewall.file= nifi.security.autoreload.enabled=false nifi.security.autoreload.interval=10 secs nifi.security.keystore=./conf/keystore.jks nifi.security.keystoreType=jks nifi.security.keystorePasswd=0qIPg+dsdassfsff/alLIAP0KzS7Wug nifi.security.keyPasswd=0qIPg+dfsdfsdds/alLIAP0KzS7Wug nifi.security.truststore=./conf/truststore.jks nifi.security.truststoreType=jks nifi.security.truststorePasswd=Vj1hmYot5b+adfsfdssdf/Ep+jVBH37O7E nifi.security.user.authorizer=managed-authorizer nifi.security.allow.anonymous.authentication=false nifi.security.user.login.identity.provider=ldap-provider nifi.security.user.jws.key.rotation.period=PT1H nifi.security.identity.mapping.pattern.dn=^cn=(.*?),ou=(.*?),dc=(.*?),dc=(.*?),dc=(.*?)$ nifi.security.identity.mapping.value.dn=$1 nifi.security.identity.mapping.transform.dn=NONE     Not sure what is wrong here. not able to create process group.   ... View more
Labels:
Contact Me
Online
Offline
Last Visited
β€Ž07-26-2024 02:11 PM
Community Statistics
Member Since β€Ž02-23-2022 07:01 PM
Last Visited β€Ž07-26-2024 02:11 PM
Posts 2