Re: How can NIFI dynamically update SAS Tokens for Azure Blob Storage processors.

I agree, the Controller Service needs to be enhanced to support rotating SAS tokens. I know of a few users that have run into this exact problem. Technically, it should possible to write a custom implementation of the ADLSCredentialsService API that did this, but it would be ideal if NiFi

Re: Problems using registry configured with git

Hi David, Are you using nested versioned process groups, i.e., does the PG you version control in Step 3 contain a nested PG that is independently versioned? If you configure the GitFlowPersisence provider for a brand new / empty registry, it should pull the metadata for buckets from git on

RE: [EXTERNAL] Re: Disabling flows - nifi registry

dataflow manager or a developer inadvertently right click and > select “start” on the root canvas page, that will start all the components > in the child process groups. > > Thanks > > Deepak > > *[image: image005]* > > *Deepak Reddy* | Data Engineer > ​IT Centers of Excellen

Re: How to auto-create users based on OIDC group membership?

Hi Dave, I understand the type of auto-user registration for authenticated users that you're describing, which a lot of OIDC-based web apps support. Unfortunately, NiFi cannot support that at this time. It would be a cool feature. It's not impossible that NiFi could support it one day. We would

Re: [EXTERNAL] Re: Disabling flows - nifi registry

to review all >> changes in production before committing so that I am not accidentally >> committing untested “workarounds” that got me out of trouble this morning >> but would not like to persist in the code base. >> >> >> >> *Steve Hindmarch* >> &

RE: [EXTERNAL] Re: Disabling flows - nifi registry

art all the components > in the child process groups. > > Thanks > > Deepak > > *[image: image005]* > > *Deepak Reddy* | Data Engineer > ​IT Centers of Excellence > 13736 Riverport Dr., Maryland Heights, MO 63043 > > > > *From:* Kevin Doran > *Sen

RE: [EXTERNAL] Re: Disabling flows - nifi registry

age005]* > > *Deepak Reddy* | Data Engineer > ​IT Centers of Excellence > 13736 Riverport Dr., Maryland Heights, MO 63043 > > > > *From:* Kevin Doran > *Sent:* Friday, December 9, 2022 9:33 AM > *To:* users@nifi.apache.org > *Subject:* [EXTERNAL] Re: Disabling

Re: Error on nifi start

Yep, was just about to say the same. NiFi 1.14.0 does not run on Java 17, but recent versions of NiFi do. So either move to a NiFi >= 1.16.3 which does support on Java 17, or else downgrade Java to 8 or 11. On Dec 13, 2022 at 10:47:00, Joe Witt wrote: > We support 8, 11, and 17 now. As far as

Re: Disabling flows - nifi registry

Hi Deepak, So far, we have been honoring the following policy for what constitutes a change in version control: - stopped/started does not count as a "local change" - enabled/disabled does count as a change, and that state is captured in the flow snapshot json version saved to

Re: NiFi Registry Bug which brakes the flow sync with NiFi 1.18.0 (and same version of the registry) on nested flows

I believe as soon as this is merged Joe Witt is planning to prepare the 1.19.1 RC candidate and open the vote. We should have a release by next week unless something comes up On Dec 1, 2022 at 07:44:29, josef.zahn...@swisscom.com wrote: > Hi Bence > > > > Ok got it, thanks a lot, So we will

Re: Trouble configuring logging

with little more than environment variables, etc. > > > [1] https://gist.github.com/ChrisSamo632/813fdfec45f1e0e28c674b133f036811 > > --- > *Chris Sampson* > IT Consultant > chris.samp...@naimuri.com > > > On Thu, 29 Sept 2022 at 01:21, Kevin Doran wrote: &

Re: Trouble configuring logging

tail" of the "nifi-app.log" file (as we no longer have that file in our > config and the logback.xml sends everything to StdOut anyway). > > > > > [1] https://gist.github.com/ChrisSamo632/813fdfec45f1e0e28c674b133f036811 > > --- > *Chris Sampson* > IT Consultant &g

Re: Trouble configuring logging

y need to update the logging for the appender writing to > the bootstrap file: > class="ch.qos.logback.core.rolling.RollingFileAppender”> > > And redirect that to standard out > > Thanks > -Mark > > > On Sep 28, 2022, at 9:48 AM, Kevin Doran wrote: > > Dylan - I l

Re: Trouble configuring logging

Dylan - I looked into this and am yet unable to offer an explaination. Perhaps others that are familiar with how org.apache.nifi.StdOut can shed some light, or else I will keep digging when I have a block of time. To help in my understanding: Which Docker image are you using? Is it the apace/nifi

Re: ConsumeIMAP Invalid credentials error and Gmail disabling less secured apps access

Hi Valentina, I've not tried this myself, so I cannot be sure it is a solution here, but have you tried generating a Google App Password [1] for the Gmail account to use in NiFi in place of the user password? I'm not sure if it is a drop-in replacement or not, but worth trying to see if it

Re: R: How to see the request header created by InvokeHTTP?

a del > Lavoro 67 > > www.dedagroup.it/public-services > > > > <http://www.dedagroup.it/home> > > > > *Da:* Kevin Doran > *Inviato:* mercoledì 2 marzo 2022 16:39 > *A:* users@nifi.apache.org > *Oggetto:* Re: How to see the request header creat

Re: How to see the request header created by InvokeHTTP?

Hi Luca, Based on looking at the code here [1], I believe you need to enable debug-level logging for this logger: org.apache.nifi.processors.standard.InvokeHTTP Instructions for changing log level for individual component loggers can be found here [2]. (Ignore the part about attaching a remote

Re: Running unsecured Nifi in Docker

eption: Flow > controller TLS configuration is invalid > > > > > *Jean-Sébastien Vachon * > Co-Founder & Architect > > > *Brizo Data, Inc. www.brizodata.com > <https://outlook.office365.com/mail/options/mail/messageContent/www.brizodata.com> > * > -

Re: Running unsecured Nifi in Docker

There have been some changes recently, and NiFi is now secure by default with a self-signed cert I believe. It could be that NIFI_WEB_HTTP_PORT conflicts with the expected NIFI_WEB_HTTPS_PORT. Try this: nifi: image: apache/nifi:latest ports: - "8443:8443" # UI - "1"

Re: Penalty feature of Processor (Disable)

Seems like a nice improvement. I would lean towards introducing the RetryableLookupFailureException. At the same time, I think we should add catch blocks for more specific subclasses of SQLException, such as SQLTransientException, which would also trigger a RetryableLookupFailureException

Re: Help on setting up authentication between NiFi and NiFi Registry

Hi Tony, The typical approach I have seen is to allow NiFi to authenticate to NiFi Registry using a client certificate. This can be achieved alongside LDAP authentication by configuring NiFi Registry using a ConfiguableCompositeUserGroupProvider, with a FileUserGroupProvider to manage

Re: Run Nifi in IntelliJ to debug?

Hi, Darren - I am not aware of a method of running a full NiFi instance directly in IntelliJ, but I use the method Matt mentioned: attaching IntelliJ as a remote debugger to a running NiFi instance. I put together a guide a few years back for folks unfamiliar with this process or new to

Re: Securing NiFI behind a proxy (NGINX).

Hi, Your understanding is correct: In order to get the connections you want, NGINX will have to be recognized by NiFi as an authorized proxy. The client certificate DN will be used for each request, provided NGINX terminates that TLS connection from the client and passes the DN of the

Re: In memoriam of Jeff Storck

Jeff, you were a fantastic collaborator and friend. You will be dearly missed. Thank you for all your contributions, and for all you’ve shown and taught me over the years. You’ve left behind a great legacy that will continue to have a positive impact on the world for years to come, not just

Re: Multiple access login NiFi

Hi Daniel, This is unexpected, and I’ve never heard of someone experiencing the behavior you describe until now. NiFi does allow multiple, simultaneous connections from different users without any special configuration to enable that. Can you share some details about your NiFi version and

Re: Suggestions for Flow Development Lifestyle

I’ve always thought along the lines Otto suggests, that eventually, given some way of formatting the diff, there would also be some visual tool in the ecosystem that would help visualize that diff and could be used specifically in the context of reviewing/merging changes. Lots of good

Re: OIDC Secured NiFi with Secure NiFi Registry (certs?)

This is a very good question, and Pierre gives a good summary of how to go about solving for it. Essentially, you need to configure NiFi Registry for how to know about the users and groups that will be passed to it. That is the authorizers.xml file Pierre mentioned. There are two options for a

Re: Problem with Context Path Whitelisting

Swarup, First, thanks for the great email. Nice job troubleshooting this and sharing your findings with the community. I'm more familiar with how these types of things get configured on NiFi Registry than NiFi, so I'm not as much help as others. But I did take a look and one thing I noticed was

Re: In nifi-registry, why can't I edit other users privileges

xplain the user what is wrong. But I'm only a user ;-) (a little grumpy, this morning, indeed) Le 04/09/2019 à 18:59, Kevin Doran a écrit : > Hi Nicolas, > > Is it possible you changed the initial admin identity at some point? > If so, you will need to delete authorizations.xml and

Re: In nifi-registry, why can't I edit other users privileges

Hi Nicolas, Is it possible you changed the initial admin identity at some point? If so, you will need to delete authorizations.xml and restart NiFi Registry to allow it to be recreated with the new initial admin. Also, nifi registry never allows modifying the permissions for the current user.

Re: NiFi 1.9.1 release contains a bug causing content repos to fill...

My apologies, the link I sent in my last message [1] may not be accessible unless you are signed into Jira. If you cannot view that link, see [2]. [2] https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12316020=12345213 On Tue, Apr 2, 2019 at 1:18 PM Kevin Doran wrote

Re: NiFi 1.9.1 release contains a bug causing content repos to fill...

For what it's worth, v1.9.2 is going to include a number of bug fixes in addition to NIFI-6150. While the other bugs are not nearly as critical (depending on your usage of NiFi), all the more the reason to upgrade to 1.9.2 rather than patching a 1.9.1 install. For a full list of what's been

Re: NiFi registry - encrypt providers.xml?

: Kevin Doran Sent: Thursday, March 28, 2019 4:00 PM To: users@nifi.apache.org Subject: Re: NiFi registry - encrypt providers.xml? Yeah sorry, I should have specified that your ssh key needs to be password-less for this to work (your suspicion was correct!). So we recommend doing that and securing

Re: NiFi registry - encrypt providers.xml?

> Thanks, > > Dave > > > > -Original Message- > From: Kevin Doran > Sent: Thursday, March 28, 2019 12:20 PM > To: users@nifi.apache.org > Subject: Re: NiFi registry - encrypt providers.xml? > > This is not possible at this time. We recommend configurin

Re: NiFi registry - encrypt providers.xml?

This is not possible at this time. We recommend configuring your git repo so that the remote and push using ssh key pairs of the NiFi Registry run-as user and protecting the private key on disk. in other words, if on the linux host as the user that nifi registry runs as, you should be able to push

Re: LDAP User Authentication Issue - Unable to validate supplied credentials

Hello, The IdentityAccessException indicates that the NiFi server did successfully receive and recognize LDAP username and password credentials in the request, but was unable to communicate with the LDAP server in order to authenticate them. The nested exception "socket closed" does not give a

Re: Empty "nifi users" page.

How many users and groups do you expect to sync? Are you able to test your search base and filter are correct using a command line tool such as ldapsearch? I'm not sure if a search filter is required (although it would probably fail with an error if it was), but maybe try setting a "match all"

Re: Problems with NiFi Registry Conflicts after Processor Upgrades

Chad, I wanted to echo Bryan and say thanks for sharing the details of an upgrade process that works. Until we have improved NiFi to handle the upgrades regardless of order of steps, this is a helpful reference for the community for a sequence that can work. Cheers, Kevin On Tue, Mar 19, 2019

Re: How to integrate Secured Ragistry with Secured Nifi

ocker-compose/blob/master/docker-compose-registry.yml > >> > >> > >> I can't remember if I kept the LDAP docker container referenced in it, > >> but you should be able to look at it and figure out how to link everything > >> up from that with Docker Co

Re: How to integrate Secured Ragistry with Secured Nifi

Hi Tom, Given that you are getting a Connection refused exception and not an HTTP 401 or 403, I suspect that the problem is networking related and not authentication/authorization. Are the two docker containers on the same docker network? Can you resolve/ping the Registry container from the

Re: Automate NiFi Ranger Policies

policy so they don't lose access to their own > application? Does NiFi keep that information? > > Thanks, > Chad > > On Fri, Feb 15, 2019 at 2:02 PM Kevin Doran wrote: > > > Hi Chad, > > > > I've never done this, but if I were to go about it I would create a

Re: Automate NiFi Ranger Policies

Hi Chad, I've never done this, but if I were to go about it I would create a script / cron job to poll the NiFi REST API [1] periodically, and upon detection of a new "Application PG", create the corresponding policies in Ranger via its REST API [2]. You'll have to create service accounts in

Re: Nifi registry Kerberos Auth with Docker

run the sync less frequently if you are worried about background processing or load on your AD server. Cheers, Kevin > BR, > Tom > > On Wed, 13 Feb 2019, 15:29 Kevin Doran > > > Hi Tom, > > > > How are you configuring the various config files? Through t

Re: Nifi registry Kerberos Auth with Docker

Hi Tom, Are you using the apache/nifi-registry image or a custom image for this? Have you configured TLS? Can you share your complete conf dir (removing sensitive values such as password or domains)? Thanks, Kevin On February 7, 2019 at 05:57:37, Tomislav Novosel (to.novo...@gmail.com)

RE: Java exception when attempting to update version from registry

e pushed > out? Basically > the "bad thing" is already embedded in the change history of the flow? > > Russ Weiher > BI CI Solutions Architect > Progenity, Inc. > > > -Original Message- > From: Kevin Doran [mailto:kdo...@apache.org]

RE: Java exception when attempting to update version from registry

upId": "1116ed97-c7f7-3776-a2c4-82c5e7fd298d" > }, > { > "componentId": "cc69de3d-623b-3e43-9e9f-6d2b47ed7bdd", > "componentName": "ExtractText", > "componentType": "Processor", > "differences": [ > { >

RE: Java exception when attempting to update version from registry

oncurrent.FutureTask.run(FutureTask.java:266) > at > java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) > at > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) > at java.lang.Thread.run(Thread.java:748) > > > Russ

Re: Java exception when attempting to update version from registry

Sorry, forgot to add -- can you include the full stack trace for the IllegalStateException as well? It should be in the nifi-app.log file. Thanks, Kevin On January 10, 2019 at 11:13:33, Kevin Doran (kdo...@apache.org) wrote: > Hi Russ, > > You mentioned you're using NiFi 1.6. Wha

Re: Java exception when attempting to update version from registry

Hi Russ, You mentioned you're using NiFi 1.6. What version of NiFi Registry are you running? Is the error message consistent? What is the sequence of steps you are using to move the flow snapshot from DEV to QA? Is it all through the NiFi UI (i.e., both environments are pointed to the same

Re: Truststore/Trusted hostname

Hi Walter, I could be mistaken, but my interpretation of the Trusted Hostname configuration option is that it is designed to work with/in-addition-to the truststore, not instead of a truststore as an alternative trust mechanism.  Basically, I think it is to be used in situations when the

Re: Expression language - Convert ISO 8601 to unixtimestamp

any suggestion on this. Regards, Faisal On Tue, Dec 4, 2018 at 1:49 AM Kevin Doran mailto:kdoran.apa...@gmail.com>> wrote: Hi Faisal, It appears whatever is writing these date strings that you have for inputs is writing microseconds, not milliseconds, So when you are using `.SS

Re: Expression language - Convert ISO 8601 to unixtimestamp

Hi Faisal, It appears whatever is writing these date strings that you have for inputs is writing microseconds, not milliseconds, So when you are using `.SS`, that is, in this case `937000` microseconds being interpreted by the expression language java parser as 937000 milliseconds (15

Re: Multiple NiFi clusters with 1 NiFi Rigistry

a reverse proxy (Nginx) in front of NiFi Registry to only pass mutation requests (POST/PUT/DELETE) from dev NiFi hosts. https://serverfault.com/questions/152745/nginx-proxy-by-request-method Thanks, Koji On Tue, Nov 20, 2018 at 11:33 PM Kevin Doran wrote: >

Re: Multiple NiFi clusters with 1 NiFi Rigistry

I think Bryan’s correct that this makes a good feature request for Registry. One idea is if you are able to set separate policies for production NiFi and non-production NiFi, then you could limit the user policies to read only for the NiFi canvas / process group and only allow a service account

Re: Nifi Registry + Git: target registry ignores git flows

users@nifi.apache.org > Subject: Re: Nifi Registry + Git: target registry ignores git flows > > > > Assuming you have a dev DB & git repo and then a prod DB & git repo, > each DB goes with the corresponding repo and has ids that are unique > to the environment, so you

Re: Nifi Registry + Git: target registry ignores git flows

ot it now – I didn’t realize that you had to create a bucket and empty flow in the ‘prd’ repository before you could import a version into that flow. For some reason I thought ‘Import Flow’ would create the bucket and flow if it didn’t already exist. Thanks for the help! Dave From: Kevin

Re: Nifi Registry + Git: target registry ignores git flows

59975-2683-4e84-91f5-f616bbed207a version 1 was not found in bucket CleverGit:34658e23-c138-4085-9280-6359f322672d. Am I going about this the wrong way? Should I just be using the default flow persistence provider? Thanks, Dave From: Kevin Doran Sent: Saturday, September 8, 2018 1:54 PM To: users@nifi.ap

Re: Nifi Registry + Git: target registry ignores git flows

Mike is correct – it is likely due to mismatch of metadata (bucket ids and flow ids) in the two environments. The recommended way to move flow snapshots across air-gapped environments at this time is and export/import with the NiFi CLI [1], a tool included the NiFi Toolkit, which you can

Re: Adding processor property broke ability to commit changes to the registry

issing. It's like the registry doesn't know what to do since we added that new property. So yeah, it very much knows something changed, but it just won't let us commit. It doesn't even show that option. Thanks, Mike On Fri, Aug 24, 2018 at 10:00 AM Kevin Doran mailto:kdo...@apache.org>&

Re: Adding processor property broke ability to commit changes to the registry

Hi Mike, I’ve never seen this before. I have a few questions for you to help me understand what could be going on: 1. When you say the custom processor got a new property, do you mean that the custom processor was modified to include a new property definition, and was recompiled/bundled and

Re: Re:

ul and shows major shortcoming between the > back end authentication between servers and front end ui authentication. > > > We can't even considering putting it behind our identify reverse proxies > because we can't turn off two way ssl. > > > Thanks > > Shawnk >

Re:

sorry forgot the link. here it is: [1] https://issues.apache.org/jira/projects/NIFIREG/issues/NIFIREG-189 On Thu, Aug 9, 2018 at 11:47 AM, Kevin Doran wrote: > Hi Curtis, > > This has come up a few times. Unfortunately I don’t think there is > currently an easy way to disabl

Re:

Hi Curtis, This has come up a few times. Unfortunately I don’t think there is currently an easy way to disable X509-based identity extraction in NiFi today. There is an open JIRA for the same issue in NiFi Registry [1]. NiFi Registry follows the same AuthN/AuthZ design (and a fair amount of code)

Re: Pushing to bitbucket from nifi registry

Hi, Glad to hear you are finding the NiFi Registry features useful. Regarding your question, the “Remote Access User” and “Remote Access Password” properties are only used when the remote URL is an HTTPS url. When it is an SSH url, it is expected that password-less SSH has been configured on

Re: nifi-registry.sh doesn't find user

Never seen that before - definitely odd. What platform are you running on? Thanks, Kevin On Fri, Jul 20, 2018 at 1:58 PM, Geoff Craig wrote: > Hello, > > > > I’m trying to run nifi-registry (0.2.0) using run.as in bootstrap.conf > and the nifi-registry.sh run command is throwing this error:

Re: NiFi Registry with nested PGs

Hi Mike, Yes, this is expected behavior. Let's say I have a PG A that has a nested versioned PG B, both are at version 1. Because PG B is versioned, the full definition of PG A does not extend down into PG B, it stops at a reference to "PG B:v1". Because PG B is versioned independently, a

Re: Merging output of multiple processors

Hi Jean-Sébastien, Sorry you’re running into trouble. NiFi can have a bit of a learning curve at first, but once you are comfortable with the components it comes with and how to use them effectively, it gets much faster to accomplish tasks such as your example. In general, don’t worry

Re: NiFi ExecuteScript vs multiple processors vs custom processor

There's a lot of great discussion on this thread. I’ll add that if you intend to use NiFi Registry with NiFi (which has lot of advantages, some of which have already been discussed), you’ll want to consider what is going to work best with NiFi Registry and your flow deployment/promotion

Re: Store external data into NiFi Registry

[answered on SO as well] Kumar, As of today, it is not currently possible to store data/objects in NiFi Registry other than a NiFi Flow and its configuration (component properties, default variable values, controller services, etc). There have been discussions about extending NiFi Registry's

Re: Checking out specific branch of nifi

Hi Vitaly, All releases are tagged as “rel/”, so you can see all tags by running “git tag” and then use “git checkout ” to checkout the version you want. Cheers, Kevin From: Vitaly Krivoy Reply-To: Date: Thursday, June 28, 2018 at 11:54 To: "users@nifi.apache.org" Subject: Checking out

Re: HandleHttpRequest and Allowed Paths

Hi Boris, Are those urls correct? It looks like the path and port are out of place, e.g.: localhost:8011/admin localhost:8011/info -Kevin From: Boris Tyukin Reply-To: Date: Thursday, June 14, 2018 at 16:26 To: Subject: HandleHttpRequest and Allowed Paths Hi, I am

Re: Fun with DistributeLoad

Thanks for the additional details. It sounds like you have already explored alternatives quite a bit and have found the best path. :) Looks like Mark has some good advice for making this flow manageable, so if this is working for you, I’d take his suggestions where it makes sense and run with

Re: Fun with DistributeLoad

Hi Martijn, Can you share more about the details of what your DistributeLoad process group is doing and how the 24 endpoints of the particular S3-compatible storage service work? Are they fixed or could they change? Just hoping to understand what are the constraints you have to work within.

Re: LDAP/AD User groups

On 6 June 2018 at 05:58, Kevin Doran wrote: Whoops, in my example, disregard the class for the ldap-user-group-provider (org.apache.nifi.registry.security.ldap.tenants.LdapUserGroupProvider). I took that snippet from one of my NiFi Registry configuration files, which is the same as NiFi

Re: LDAP/AD User groups

that so it doesn’t confuse anyone or you don’t copy/paste from my example. From: Kevin Doran Reply-To: Date: Tuesday, June 5, 2018 at 23:52 To: Subject: Re: LDAP/AD User groups Hi Martijn, You’re really close to having this configured correctly. Basically, you just need to set a few more

Re: LDAP/AD User groups

Hi Martijn, You’re really close to having this configured correctly. Basically, you just need to set a few more Group properties in your ldap-user-group-provider config. The way user and group loading works in NiFI: The users are synced from LDAP using the “User Search *” (and related)

Re: Error Reference When Creating Template From PG Under NiFi Registry Version Control

is documented as being and issue and the recommendation is to follow one of the suggested practices to avoid issues such as this one. Cheers, Ryan On Mon, May 7, 2018 at 7:10 AM, Kevin Doran <kdo...@apache.org> wrote: Hi Ryan, I’ve never tried creating a template from a process group that was save

Re: Error Reference When Creating Template From PG Under NiFi Registry Version Control

Hi Ryan, I’ve never tried creating a template from a process group that was saved to a NiFi Registry, so I haven’t run into this exact error. However, there are users that cannot connect multiple environments (e.g., dev and production) to the same NiFi Registry and therefore have the need

Re: Nifi Registry LDAP

g into it too much but it is a strange issue I was receiving. On Apr 10, 2018, at 3:21 PM, Kevin Doran <kdo...@apache.org> wrote: Thanks; that certainly narrows it down. It could be that you’ve uncovered a bug with the LdapIdentityProvider when using START_TLS. I’ll try to recreate i

Re: Nifi Registry LDAP

On Apr 10, 2018, at 2:57 PM, Kevin Doran <kdo...@apache.org> wrote: Thanks Scott, I don’t see anything wrong with your configuration. I created a free jumpcloud account, so I’ll try to recreate this issue and get back to you if I have any other insights. Kevin From

Re: Nifi Registry LDAP

On Apr 10, 2018, at 2:10 PM, Kevin Doran <kdo...@apache.org> wrote: If everything is configured correctly, this error usually indicates that the server did not locate your login credentials when processing the login request. That usually means it will not even attempt to authenticate the

Re: Nifi Registry LDAP

wrote:     Yes I did, I had Nifi-registry working with a local instances of LDAP running. It’s now not cooperating since I moved to using Jumpcloud.      > On Apr 10, 2018, at 1:56 PM, Kevin Doran <kdo...@apache.org> wrote:     > > Hi Sco

Re: Nifi Registry LDAP

Hi Scott, Did you configure nifi-registry.properties with: nifi.registry.security.identity.provider=ldap-identity-provider On 4/10/18, 14:53, "Scott Howell" wrote: Thanks for the all the help yesterday standing up LDAP for NIFI. I was able to troubleshoot and

Re: Integrating nifi with cloud based LDAP JumpCloud

Scott, I've never implemented NiFi with JumpCloud, but speculating as to what could be the cause of your error, it could be the User Search Base/Filter configuration values. Can you share the contents of your login-identity-providers.xml (removing any sensitive values such as ldap

Re: Ranger-plugin authorises "anonymous" for /flow

Good catch, Bryan. It does sound like that could explain what is going on in these cases. Regarding this: >I think one way to support this might be to bring back the "Allow >Anonymous" flag in the Ranger Authorizer config. > >This way if this value is set to false, then before

Re: AWS CloudWatch

Hi Laurens, I've never done this but here are some ideas you could experiment with. Assuming the logs are coming from something like an application running on an EC2 instance, there are a number of ways you could probably expose them to NiFi without going through CloudWatch logs. There are a

Re: Unknown user w/ Docker image

volume references, would that work for making a reproducible demo? On Thu, Mar 22, 2018 at 10:08 AM, Kevin Doran <kdo...@apache.org> wrote: Yeah, from looking at your Docker compose file, your LDAP search base/filter is configured as: LDAP_USER_SEARCH_BASE='ou=people,dc=nifi,dc=com' LDAP

Re: Unknown user w/ Docker image

ou=people, dc=nifi, dc=com Tried logging in w/ test/password (what the LDIF uses) Got: Unknown user with identity 'test'. Contact the system administrator. Any ideas? On Thu, Mar 22, 2018 at 9:34 AM, Kevin Doran <kdo...@apache.org> wrote: Mike, To my knowledge, the Docker

Re: Unknown user w/ Docker image

en to work outside of Docker. I'm also not seeing anything in the logs indicating that it's trying the LDAP query. On Thu, Mar 22, 2018 at 8:30 AM, Kevin Doran <kdo...@apache.org> wrote: Sorry, meant to include the link to start.sh, which is in our codebase [1]. I’m only pointing it out b/

Re: Unknown user w/ Docker image

Sorry, meant to include the link to start.sh, which is in our codebase [1].  I’m only pointing it out b/c it looked like in your Docker compose file that you wanted this to be an LDAP demo. [1] https://github.com/apache/nifi/blob/master/nifi-docker/dockerhub/sh/start.sh#L30 From: Kevin

Re: Unknown user w/ Docker image

Good eye, Pierre. Mike, unrelated to the initial admin question, but anticipating something you might run int o after you get that part working. Change the "AUTH=tls" environment variable value to "AUTH=ldap". (I know the README file for the docker image uses ‘AUTH=tls’ in the documentation

Re: Issue with AWS ELB on secure nifi-registry

of file-provider. > On Mar 19, 2018, at 9:35 AM, Kevin Doran <kdo...@apache.org> wrote: > > Hey Scott, > > Assuming you are using two-way TLS with client certificates for authentication, I recommend configuring your ELB for TCP passthrough so that the TLS handshake i

Re: Issue with AWS ELB on secure nifi-registry

Hey Scott, Assuming you are using two-way TLS with client certificates for authentication, I recommend configuring your ELB for TCP passthrough so that the TLS handshake is between the end-client and the NiFi Registry Server (in other words, no decryption/termination of the TLS connection

Re: Error when sending HTTPS request to Nifi using the Restful API

al Delivery Center Tel: (+86) 27 59269644 E-mail: dengt...@cn.ibm.com WhatsApp: +86 15671158671 --- - Original message - From: Kevin Doran <kdo...@apache.org> To: <users@nifi.apache.org&g

Re: Error when sending HTTPS request to Nifi using the Restful API

When using access tokens, make sure your NiFi instance is configured to not require client certificates for the TLS certificates: nifi.security.needClientAuth=false This is because you only want the NiFi server (not the client) to establish its identity with a TLS certificate; the client

Re: setting processor concurrency based on the development/production environment

bilities to extend the functionality of NiFi with custom processors and Groovy scripts. Awesome job, guys. On Thu, Mar 1, 2018 at 1:29 PM, Kevin Doran <kdo...@apache.org> wrote: Hi Boris, Good point regarding concurrent tasks; thanks for sharing! This is a great candidate for something

Re: setting processor concurrency based on the development/production environment

Hi Boris, Good point regarding concurrent tasks; thanks for sharing! This is a great candidate for something that one should be able to create environment-specific values for, as Bryan suggests. I agree we should create a NiFi JIRA to track this enhancement. Thanks, Kevin On 3/1/18, 11:44,

Re: LDAP Users & Group Sync

perfectly and the LDAP group and users synced as expected. Thank You. Cheers, Nick On 8 Dec 2017 11:59 +0700, Kevin Doran <kdoran.apa...@gmail.com>, wrote: Hi Nikhil, I haven't heard of this issue before. Looking at the NiFi code that is interpreting the sync interval property

Re: NiFi 1.5.0 Secure Cluster: Unable to locate node CN=node-1, OU=NIFI to seed policies

Identities" matter as the "Initial Node Identities" do? Or are only the Node Identities order important? -Ryan H On Sat, Feb 17, 2018 at 5:34 PM, Kevin Doran <kdo...@apache.org<mailto:kdo...@apache.org>> wrote: Hi Ryan, You’ll need to add the DN for your clu

Re: NiFi 1.5.0 Secure Cluster: Unable to locate node CN=node-1, OU=NIFI to seed policies

Hi Ryan, You’ll need to add the DN for your cluster nodes as “Initial User Identities” to the file-user-group-provider in authorizers.xml. I.e.:      CN=my-node-1, OU=NIFI      CN=my-node-2, OU=NIFI Let me know if you have any other questions! Cheers, Kevin From: Ryan H

  1   2   >