[
https://issues.apache.org/jira/browse/NIFI-4847?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Georgy updated NIFI-4847:
-------------------------
Attachment: nifi_error.PNG
> Ldap authorization problem in secure cluster
> --------------------------------------------
>
> Key: NIFI-4847
> URL: https://issues.apache.org/jira/browse/NIFI-4847
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core Framework
> Affects Versions: 1.5.0
> Environment: 2 node cluster
> RHEL 7.3
> NiFi 1.5.0
> Windows AD
> Reporter: Georgy
> Priority: Major
> Attachments: nifi.zip, nifi_error.PNG
>
>
> Hi guys,
> Have a problem when using LDAP Auth with LDAP Authorization in NiFi secure
> cluster mode.
> My DN in AD looks so:
> CN=Lastname Firstname Middlename, OU=..., ...
> where CN consists of cyrillic chars (russian alphabet)
> After successful ldap auth and applying specified mappings NiFi passes CN
> only (only 1st, last, middle name) to ldap authorizer. In single mode I have
> no problems, my CN successfully passes authorization. But in cluster mode I
> have such error:
> Unknown user with identity 'Ð<U+0091>езÑ<U+0080>Ñ<U+0083>киÑ<U+0085>
> Ð<U+0093>еоÑ<U+0080>гийÐ<U+0093>еннадÑ<U+008C>евиÑ<U+0087>'.
> Returning Forbidden response.
> See attached screenshot with error message in UI.
> It seems that there is ISO-8859-1 chars but NiFi tries to implement it as
> UTF-8 sequence. Can't understand what is the reason of this transformation in
> cluster mode.
> I've tried ldap auth with "Identity Strategy = USE_DN" witthout any mappings
> and specified my sAMAccountName in file-user-group-provider as Initial User
> Identity. Such workaround works but I have to create other ldap users
> manually. So I would prefer ldap authorization.
> Can you help me to find out a solution?
> You can find conf & logs in attachment.
>
> Env:
> 2 node cluster
> NiFi 1.5.0
> RHEL 7.3
> Windows AD
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
