Jérôme O'Keeffe created NIFI-7107:
-------------------------------------
Summary: Connection to couchbase using LDAP users
Key: NIFI-7107
URL: https://issues.apache.org/jira/browse/NIFI-7107
Project: Apache NiFi
Issue Type: Bug
Components: Configuration Management
Affects Versions: 1.9.0
Environment: Linux, CentOS7
Reporter: Jérôme O'Keeffe
Hello,
So we are currently using Nifi to send documents to Couchbase. As we had
switched over LDAP users we encounter an issue. It's not possible to contact
using the current connectEnvironment builder.
Looking through the development of the Java SDK of couchbase, the feature Add
force SASL PLAIN for LDAP compliance (JVMCBC-473) was added in version 2.5.3 to
disable SCRAM-SHA authentication (with which the password is hashed) and use
PLAIN authentication instead (Nifi currently is using 2.5.8). This is required
because LDAP can't take the password if it has already been hashed, as it needs
to be compared to the password stored on the LDAP server. The default setting
for this is false, so PLAIN authentication is not used by default.
So, in the case where LDAP users are required, we should find a way to add
forcePlain() to the ConnectEnvironment builder. We should maybe add a boolean
inside the PutCouchbaseKey or GetCouchbaseKey to add this forcePlain depending
on the type of connection (LDAP or local).
Regards,
Jérôme
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
