Georgy created NIFI-4847:
----------------------------
Summary: Ldap authorization problem in secure cluster
Key: NIFI-4847
URL: https://issues.apache.org/jira/browse/NIFI-4847
Project: Apache NiFi
Issue Type: Bug
Components: Core Framework
Affects Versions: 1.5.0
Environment: 2 node cluster
RHEL 7.3
NiFi 1.5.0
Windows AD
Reporter: Georgy
Attachments: nifi.zip, nifi_error.PNG
Hi guys,
Have a problem when using LDAP Auth with LDAP Authorization in NiFi secure
cluster mode.
My DN in AD looks so:
CN=Lastname Firstname Middlename, OU=..., ...
where CN consists of cyrillic chars (russian alphabet)
After successful ldap auth and applying specified mappings NiFi passes CN only
(only 1st, last, middle name) to ldap authorizer. In single mode I have no
problems, my CN successfully passes authorization. But in cluster mode I have
such error:
Unknown user with identity 'Ð<U+0091>езÑ<U+0080>Ñ<U+0083>киÑ<U+0085>
Ð<U+0093>еоÑ<U+0080>гийÐ<U+0093>еннадÑ<U+008C>евиÑ<U+0087>'.
Returning Forbidden response.
See attached screenshot with error message in UI.
It seems that there is ISO-8859-1 chars but NiFi tries to implement it as UTF-8
sequence. Can't understand what is the reason of this transformation in cluster
mode.
I've tried ldap auth with "Identity Strategy = USE_DN" witthout any mappings
and specified my sAMAccountName in file-user-group-provider as Initial User
Identity. Such workaround works but I have to create other ldap users manually.
So I would prefer ldap authorization.
Can you help me to find out a solution?
You can find conf & logs in attachment.
Env:
2 node cluster
NiFi 1.5.0
RHEL 7.3
Windows AD
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
