Hi, are your hosts registered in LDAP properly? If you don't want them to come from LDAP then they should come from the file-user-group-provider as initial user identities in addition to your "Initial User Identity 1".
Peter

On Tue, Sep 18, 2018 at 11:54 AM nifi-san <nairsande...@gmail.com> wrote:

> Hello,
>
> We are trying to integrate Nifi-7.1 with SSL and LDAP.
>
> We have two different Nifi installations, one which is a standalone node and
> the other which is a three node cluster.
>
> Nifi Standalone:-
> We were able to successfully integrate the Standalone node with SSL and
> login to the Nifi UI with the client certificate.
>
> Nifi Cluster:-
> With the same configurations for authorizers.xml as is for the Nifi
> standalone, on the Nifi cluster nodes, we get the below error:-
>
> ERROR:-
> ********************************************
> Insufficient Permissions
> Untrusted proxy CN=host1, OU=NIFI
> ********************************************
>
> The authorizers.xml configurations on the cluster is as follows:-
>
> <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
> <authorizers>
>     <userGroupProvider>
>         <identifier>file-user-group-provider</identifier>
>         <class>org.apache.nifi.authorization.FileUserGroupProvider</class>
>         <property name="Users File">/opt/app/resources/nifi/users.xml</property>
>         <property name="Legacy Authorized Users File"></property>
>
>         <property name="Initial User Identity 1">CN=NADMIN, OU=NIFI</property>
>     </userGroupProvider>
>     <accessPolicyProvider>
>         <identifier>file-access-policy-provider</identifier>
>         <class>org.apache.nifi.authorization.FileAccessPolicyProvider</class>
>         <property name="User Group Provider">file-user-group-provider</property>
>         <property name="Authorizations File">/opt/app/resources/nifi/authorizations.xml</property>
>         <property name="Initial Admin Identity">CN=NADMIN, OU=NIFI</property>
>         <property name="Legacy Authorized Users File"></property>
>
>         <property name="ohlvnfiap002dd.oh.dev.dat.aws.vz-connect.net"></property>
>         <property name="Node Identity 1">CN=host1, OU=NIFI</property>
>         <property name="Node Identity 2">CN=host2, OU=NIFI</property>
>         <property name="Node Identity 3">CN=host3, OU=NIFI</property>
>     </accessPolicyProvider>
>     <authorizer>
>         <identifier>managed-authorizer</identifier>
>         <class>org.apache.nifi.authorization.StandardManagedAuthorizer</class>
>         <property name="Access Policy Provider">file-access-policy-provider</property>
>     </authorizer>
> </authorizers>
>
> We have checked the FQDN and the CN Name of the certificates generated and
> all other configurations but could not identify anything specifically that
> could be the root cause of the issue.
>
> Apart from the above error with respect to privilege, we do not see any
> other error in the logs.
>
> The same configurations worked fine on Nifi-1.3, however, not sure why it
> does not work on Nifi-1.7.
> Also, it works fine on the standalone node but not on the cluster.
>
> Appreciate if you could provide any assistance on this as it has already
> been a while that we have been blocked because of this issue.
>
> --
> Sent from: http://apache-nifi-developer-list.39713.n7.nabble.com/
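
The check suggested in the reply can be automated. The following is an added example, not part of the original thread and not NiFi code: it parses an authorizers.xml and reports every "Initial Admin Identity" or "Node Identity N" that is not also seeded as an "Initial User Identity N" in the user group provider the policy provider references. The function names and the shortened sample config are constructed for illustration; it assumes a file-based user group provider (not LDAP or a composite) and exact string matching of identities.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample mirroring the thread's cluster config (paths omitted).
SAMPLE = """<authorizers>
  <userGroupProvider>
    <identifier>file-user-group-provider</identifier>
    <property name="Initial User Identity 1">CN=NADMIN, OU=NIFI</property>
  </userGroupProvider>
  <accessPolicyProvider>
    <identifier>file-access-policy-provider</identifier>
    <property name="User Group Provider">file-user-group-provider</property>
    <property name="Initial Admin Identity">CN=NADMIN, OU=NIFI</property>
    <property name="Node Identity 1">CN=host1, OU=NIFI</property>
    <property name="Node Identity 2">CN=host2, OU=NIFI</property>
    <property name="Node Identity 3">CN=host3, OU=NIFI</property>
  </accessPolicyProvider>
</authorizers>"""


def _props(element, pattern):
    """Return non-empty property values whose name matches the regex."""
    out = []
    for prop in element.findall("property"):
        value = (prop.text or "").strip()
        if value and re.fullmatch(pattern, prop.get("name", "")):
            out.append(value)
    return out


def unseeded_identities(authorizers_xml):
    """Map each access policy provider to identities its user group provider lacks."""
    root = ET.fromstring(authorizers_xml)
    # Identities seeded per userGroupProvider, keyed by its <identifier>.
    seeded = {
        ugp.findtext("identifier", "").strip(): set(_props(ugp, r"Initial User Identity .*"))
        for ugp in root.findall("userGroupProvider")
    }
    report = {}
    for app in root.findall("accessPolicyProvider"):
        ugp_ref = next(iter(_props(app, r"User Group Provider")), "")
        wanted = _props(app, r"Initial Admin Identity|Node Identity .*")
        # Assumption: identities are compared as exact strings (case and spacing).
        missing = [dn for dn in wanted if dn not in seeded.get(ugp_ref, set())]
        if missing:
            report[app.findtext("identifier", "").strip()] = missing
    return report


if __name__ == "__main__":
    for provider, missing in unseeded_identities(SAMPLE).items():
        print(provider, "->", missing)
```

When reading a real file that starts with an XML declaration, pass its contents as bytes (`open(path, "rb").read()`), since `ET.fromstring` rejects a `str` that carries an encoding declaration.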