[jira] [Resolved] (NIFI-4847) Ldap authorization problem in secure cluster

Mon, 05 Jan 2026 02:39:41 -0800 


     [ 
https://issues.apache.org/jira/browse/NIFI-4847?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pierre Villard resolved NIFI-4847.
----------------------------------
    Resolution: Feedback Received

Apache NiFi 1.x is no longer maintained and no new release is planned on the 
1.x release line. Marking as resolved as part of a cleanup operation. Please 
open a new one with an updated description if this is still relevant for NiFi 
2.x.

> Ldap authorization problem in secure cluster
> --------------------------------------------
>
>                 Key: NIFI-4847
>                 URL: https://issues.apache.org/jira/browse/NIFI-4847
>             Project: Apache NiFi
>          Issue Type: Bug
>          Components: Core Framework
>    Affects Versions: 1.5.0
>         Environment: 2 node cluster
> RHEL 7.3
> NiFi 1.5.0
> Windows AD
>            Reporter: Georgy
>            Priority: Major
>         Attachments: nifi.zip, nifi_error.PNG
>
>
> Hi guys,
> Have a problem when using LDAP Auth with LDAP Authorization in NiFi secure 
> cluster mode.
> My DN in AD looks so:
>  CN=Lastname Firstname Middlename, OU=..., ... 
>  where CN consists of cyrillic chars (russian alphabet)
> After successful ldap auth and applying specified mappings NiFi passes CN 
> only (only 1st, last, middle name) to ldap authorizer. In single mode I have 
> no problems, my CN successfully passes authorization. But in cluster mode I 
> have such error:
>  Unknown user with identity 'Ð<U+0091>езÑ<U+0080>Ñ<U+0083>киÑ<U+0085> 
> Ð<U+0093>еоÑ<U+0080>гийÐ<U+0093>еннадÑ<U+008C>евиÑ<U+0087>'. 
> Returning Forbidden response.
>  See attached screenshot with error message in UI.
> It seems that there is ISO-8859-1 chars but NiFi tries to implement it as 
> UTF-8 sequence. Can't understand what is the reason of this transformation in 
> cluster mode.
> I've tried ldap auth with "Identity Strategy = USE_USERNAME" witthout any 
> mappings and specified my sAMAccountName in file-user-group-provider as 
> Initial User Identity. Such workaround works but I have to create other ldap 
> users manually. So I would prefer ldap authorization.
> Can you help me find solution?
> You can find conf & logs in attachment.
>  
> Env:
>  2 node cluster
>  NiFi 1.5.0
>  RHEL 7.3
>  Windows AD
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to