Re: NiFi 1.6

Just to close the loop on this, Apache NiFi 1.6.0 was released on April 8, 2018. The download is available here [1]. [1] https://nifi.apache.org/download.html Andy LoPresto alopre...@apache.org alopresto.apa...@gmail.com PGP Fingerprint: 70EC B3E5 98A6

Re: Integrating nifi with cloud based LDAP JumpCloud

So I changed two things. 1. I updated the START_TLS with START_TLS this allowed nifi to connect to Jumpcloud. 2. USE_DN from USER_USERNAME and everything began to work. > On Apr 9, 2018, at 3:14 PM, Andy LoPresto wrote: > > Scott, > > One note is that since you are

Re: Integrating nifi with cloud based LDAP JumpCloud

Scott, One note is that since you are using port 389 (plaintext LDAP), your credentials are being transmitted in cleartext unless you are enforcing START_TLS, and as there is no truststore populated in your config, it does not appear you are doing this. You should read the Jumpcloud

Re: Integrating nifi with cloud based LDAP JumpCloud

That is what is inside of > On Apr 9, 2018, at 3:03 PM, Scott Howell wrote: > > Yep let me send it over. > > >ldap-provider >org.apache.nifi.ldap.LdapProvider >ANONYMOUS > >uid=nifi,ou=Users,o={redacted},dc=jumpcloud,dc=com >

Re: Integrating nifi with cloud based LDAP JumpCloud

Yep let me send it over. ldap-provider org.apache.nifi.ldap.LdapProvider ANONYMOUS uid=nifi,ou=Users,o={redacted},dc=jumpcloud,dc=com FOLLOW 10 secs 10 secs

Re: Integrating nifi with cloud based LDAP JumpCloud

Scott, I've never implemented NiFi with JumpCloud, but speculating as to what could be the cause of your error, it could be the User Search Base/Filter configuration values. Can you share the contents of your login-identity-providers.xml (removing any sensitive values such as ldap

Integrating nifi with cloud based LDAP JumpCloud

I was wondering if there was anyone on the user group that had successfully integrated their NIFI authentication to work with Jumpcloud LDAP. I have followed the steps Jumpcloud provides with adding the correct credentials to the the NIFI login-identity-providers.xml but I am getting an error

Re: ListSFTP, FetchSFTP Commands

Hello Nick, Unless the FetchSFTP is configured with a completion strategy 'move' / 'delete', the processors do not need write access. ls / get / cd should be the only commands I think (and the commands to conenct to the server obviously). Pierre 2018-04-09 18:37 GMT+02:00 Nick Kendra

ListSFTP, FetchSFTP Commands

Hello, My organization is researching NiFi to retrieve files from customer networks via SFTP. Some of our customers need to know the exact SFTP commands that are issued. I looked through the code found 'ls' used for getListing() and 'get' used for getInputStream(). Do either of these processors

Re: Ranger-plugin authorises "anonymous" for /flow

I don't have a Ranger instance at the moment to test, but the "deny" policy may work. Regarding the "Allow Anonymous" approach... since it is a function of the Authorizer, I think it needs to be in the config in authorizers.xml. Maybe there is a way to make it applicable to all authorizers by

Re: Ranger-plugin authorises "anonymous" for /flow

Good catch, Bryan. It does sound like that could explain what is going on in these cases. Regarding this: >I think one way to support this might be to bring back the "Allow >Anonymous" flag in the Ranger Authorizer config. > >This way if this value is set to false, then before

Re: Ranger-plugin authorises "anonymous" for /flow

It should also be possible to add a deny policy for anonymous user, no? Not sure if that would the issue though. Pierre 2018-04-09 17:32 GMT+02:00 Bryan Bende : > Actually, thinking about this more, I think the issue is that you > currently can't use Ranger's {USER} concept

Re: Ranger-plugin authorises "anonymous" for /flow

Actually, thinking about this more, I think the issue is that you currently can't use Ranger's {USER} concept because NiFi always has an "anonymous" user, and there is no way in Ranger to exclude "anonymous" from {USER}. What is happening is something like this... - You enter the NiFi URL in

Re: USB Camera support with MiNiFi 0.4.0 in Rasp3?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Iyán, In addition to what Marc said, IIRC, libuvc and libusb are the main dependencies that need to be available. The libuvc library is included in thirdparty/ and can be build along with minifi. The libusb-dev package is needed for the build. As

Re: Ranger-plugin authorises "anonymous" for /flow

Ok, so you end up in the NiFi UI with the identity in the top right saying "Anonymous user" ? (as show in the screenshots of that hwx forum) I think we need to dig into what is happening during authentication... Can you do a fresh login to NiFi using your LDAP credentials, and then capture the

Re: Ranger-plugin authorises "anonymous" for /flow

> If so, then how are you authenticating to NiFi as an "anonymous" user? Good question. NiFi uses its LdapProvider (with Authentication Strategy = SIMPLE, Identity Strategy = USE_USERNAME) to identify and the RangerNifiAuthorizer to authorise users. I'm not quite sure yet what authenticates the

Re: Ranger-plugin authorises "anonymous" for /flow

Ah thanks for the info, didn't know that. So you have a policy in Ranger where the resource is "/flow", the action is READ, and the users/groups is "{USER}", and then you are saying an "anonymous" user can retrieve the flow? I'm assuming that since your Ranger is backed by an LDAP, that you also

Re: Ranger-plugin authorises "anonymous" for /flow

Hi Bryan, It's a placeholder in Ranger for usernames, see https://cwiki.apache.org/confluence/display/RANGER/Support+for+%24username+variable which is used by certain matcher classes. On Mon, Apr 9, 2018 at 3:28 PM, Bryan Bende wrote: > Hello, > > I don't see any issue with

Re: Ranger-plugin authorises "anonymous" for /flow

Hello, I don't see any issue with the code you linked to. It's saying "if the ranger policies say the operation is allowed, then return approved". Is '{USER}' a special syntax in Ranger? or are you using that as a placeholder in email so you don't have to provide the real user identity? I

Re: USB Camera support with MiNiFi 0.4.0 in Rasp3?

Iyan, That one along with a few others required a bit more manual effort at the time in bootstrap and thus need to be enabled manually. Enable that one manually with cmake -DENABLE_USB_CAMERA=1 .. In the next version it'll be added to the bootstrap with 0.5.0. I was running GetUSBCamera on a

Re: [Nifi 1.5] PutDatabaseRecord and pgsql integer fields

Nice Pierre, that's consistent with which I'm experiencing Currently, this is what i'm using to process csv with header names different from db table : Access strategy = Schema text property Schema text = ... Treat First Line as Header = True Ignore CSV Header Column Names = False In the schema,

Re: [Nifi 1.5] PutDatabaseRecord and pgsql integer fields

If I recall correctly, if you set the property "Ignore CSV Header Column Names" to true, then it'll take the columns in the same order as defined in the schema. Same on the DB side (PutDatabaseRecord), with the property "Translate Field Names". If false, the field names must match the column names

Re: [Nifi 1.5] PutDatabaseRecord and pgsql integer fields

Hi Pierre, Thank you for your input Schema certainly is a key point here. I used a CSVReader with Use Strings Fields from Header as access strategy. Moving access strategy to a text-defined schema solve the issue On side question: in the schema, what are fields name relative to, csv header or

Re: [Nifi 1.5] PutDatabaseRecord and pgsql integer fields

Hi François, How did you define your schema in the PutDatabaseRecord processor? If you're using a CSV Reader and infer the schema using the header, then all the fields will be considered as strings. You probably want to define the schema by yourself so that you can define the type of each column

[Nifi 1.5] PutDatabaseRecord and pgsql integer fields

Hi all, This is my first mail on this feed, as I've discovering NiFi a few days ago. I'm working for a company involved in software development for utilities networks operators One of my first use case to test NiFi is to load a csv file in an existing pgsql table, which sounds like a pretty

Ranger-plugin authorises "anonymous" for /flow

I'm trying to harden my NiFi instance's authorizations and auditing using Ranger (which is backed by an LDAP instance). In Ranger I have defined a couple of resources defined to be authorized for the nifi nodes' CNs (from SSL certs), `{USER}` and `{OWNER}`. Turns out that if I add `{USER}` to

USB Camera support with MiNiFi 0.4.0 in Rasp3?

Hi, I am trying to compile MiNiFi C++ 0.4.0 in a raspberry pi 3 running Raspbian. I have installed all packages in the requirements (and some optional ones, too): https://github.com/apache/nifi-minifi-cpp#system-requirements However, when I execute the bootstrap script I cannot enable the USB