Re: Integrating nifi with cloud based LDAP JumpCloud

2018-04-09 Thread Scott Howell
So I changed two things. 

1. I updated the START_TLS with START_TLS this allowed nifi to connect to Jumpcloud.

2. USE_DN from USER_USERNAME and everything began to work.



> On Apr 9, 2018, at 3:14 PM, Andy LoPresto  wrote:
> 
> Scott,
> 
> One note is that since you are using port 389 (plaintext LDAP), your 
> credentials are being transmitted in cleartext unless you are enforcing 
> START_TLS, and as there is no truststore populated in your config, it does 
> not appear you are doing this. 
> 
> You should read the Jumpcloud instructions on configuring LDAP-as-a-service 
> (including creating an LDAP Binding User Account) using SSL/TLS and there are 
> some additional resources on configuring this for LDAP below:
> 
> https://support.jumpcloud.com/customer/en/portal/articles/2439911
> https://support.jumpcloud.com/customer/en/portal/articles/2440898-jumpcloud-ldaps-ssl-certificate
> https://www.digitalocean.com/community/tutorials/how-to-encrypt-openldap-connections-using-starttls
> https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#ldap_login_identity_provider
> 
> 
> Andy LoPresto
> alopre...@apache.org 
> alopresto.apa...@gmail.com 
> PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4  BACE 3C6E F65B 2F7D EF69
> 
>> On Apr 9, 2018, at 1:04 PM, Scott Howell wrote:
>> 
>> That is what is inside of 
>> 
>>> On Apr 9, 2018, at 3:03 PM, Scott Howell wrote:
>>> 
>>> Yep let me send it over.
>>> 
>>> 
>>>   ldap-provider
>>>   org.apache.nifi.ldap.LdapProvider
>>>   ANONYMOUS
>>> 
>>>   uid=nifi,ou=Users,o={redacted},dc=jumpcloud,dc=com
>>>   
>>>   
>>>   
>>>   
>>>   
>>>   
>>>   
>>>   
>>>   
>>> 
>>>   FOLLOW
>>>   10 secs
>>>   10 secs
>>> 
>>>   ldap://ldap.jumpcloud.com:389 
>>> 
>>>   ou=Users,o={redacted},dc=jumpcloud,dc=com
>>>   uid={0}
>>> 
>>>   USE_USERNAME
>>>   12 hours
>>>   
>>> 
>>> 
>>> 
>>>> On Apr 9, 2018, at 3:01 PM, Kevin Doran wrote:
>>>> 
>>>> Scott,
>>>> 
>>>> I've never implemented NiFi with JumpCloud, but speculating as to what 
>>>> could be the cause of your error, it could be the User Search Base/Filter 
>>>> configuration values. Can you share the contents of your 
>>>> login-identity-providers.xml (removing any sensitive values such as ldap 
>>>> credentials)?
>>>> 
>>>> Thanks,
>>>> Kevin
>>>> 
>>>> On 4/9/18, 14:53, "Scott Howell" wrote:
>>>> 
>>>>  I was wondering if there was anyone on the user group that had 
>>>> successfully integrated their NIFI authentication to work with Jumpcloud 
>>>> LDAP. I have followed the steps Jumpcloud provides with adding the correct 
>>>> credentials to the NIFI login-identity-providers.xml but I am getting 
>>>> an error of “Unable to validate the supplied credentials. Please contact 
>>>> the system administrator.” In the UI in my nifi-user.log I am seeing 
>>>> [LDAP: error code 32 - No Such Object] when it's trying to look up the LDAP 
>>>> user.
>>>> 
>>>>  Scott
>>>> 
>>> 
>> 
> 



Re: Integrating nifi with cloud based LDAP JumpCloud

2018-04-09 Thread Andy LoPresto
Scott,

One note is that since you are using port 389 (plaintext LDAP), your 
credentials are being transmitted in cleartext unless you are enforcing 
START_TLS, and as there is no truststore populated in your config, it does not 
appear you are doing this.

You should read the Jumpcloud instructions on configuring LDAP-as-a-service 
(including creating an LDAP Binding User Account) using SSL/TLS and there are 
some additional resources on configuring this for LDAP below:

https://support.jumpcloud.com/customer/en/portal/articles/2439911
https://support.jumpcloud.com/customer/en/portal/articles/2440898-jumpcloud-ldaps-ssl-certificate
https://www.digitalocean.com/community/tutorials/how-to-encrypt-openldap-connections-using-starttls
https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#ldap_login_identity_provider

Andy LoPresto
alopre...@apache.org
alopresto.apa...@gmail.com
PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4  BACE 3C6E F65B 2F7D EF69

> On Apr 9, 2018, at 1:04 PM, Scott Howell  wrote:
> 
> That is what is inside of 
> 
>> On Apr 9, 2018, at 3:03 PM, Scott Howell  wrote:
>> 
>> Yep let me send it over.
>> 
>> 
>>   ldap-provider
>>   org.apache.nifi.ldap.LdapProvider
>>   ANONYMOUS
>> 
>>   uid=nifi,ou=Users,o={redacted},dc=jumpcloud,dc=com
>>   
>>   
>>   
>>   
>>   
>>   
>>   
>>   
>>   
>> 
>>   FOLLOW
>>   10 secs
>>   10 secs
>> 
>>   ldap://ldap.jumpcloud.com:389
>>   ou=Users,o={redacted},dc=jumpcloud,dc=com
>>   uid={0}
>> 
>>   USE_USERNAME
>>   12 hours
>>   
>> 
>> 
>> 
>>> On Apr 9, 2018, at 3:01 PM, Kevin Doran  wrote:
>>> 
>>> Scott,
>>> 
>>> I've never implemented NiFi with JumpCloud, but speculating as to what 
>>> could be the cause of your error, it could be the User Search Base/Filter 
>>> configuration values. Can you share the contents of your 
>>> login-identity-providers.xml (removing any sensitive values such as ldap 
>>> credentials)?
>>> 
>>> Thanks,
>>> Kevin
>>> 
>>> On 4/9/18, 14:53, "Scott Howell"  wrote:
>>> 
>>>  I was wondering if there was anyone on the user group that had 
>>> successfully integrated their NIFI authentication to work with Jumpcloud 
>>> LDAP. I have followed the steps Jumpcloud provides with adding the correct 
>>> credentials to the NIFI login-identity-providers.xml but I am getting 
>>> an error of “Unable to validate the supplied credentials. Please contact 
>>> the system administrator.” In the UI in my nifi-user.log I am seeing [LDAP: 
>>> error code 32 - No Such Object] when it's trying to look up the LDAP user.
>>> 
>>>  Scott
>>> 
>>> 
>> 
> 
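
The transport check described in the message above (plaintext `ldap://` on port 389 without START_TLS, and no truststore populated), as an added example that is not part of the original messages or of NiFi's own code. The XML is a constructed sample using the values quoted in this thread, the property names are those of NiFi's `LdapProvider`, and the truststore path is a placeholder.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample modelled on the values quoted in this thread (not the poster's file).
WEAK = """<loginIdentityProviders><provider>
  <identifier>ldap-provider</identifier>
  <class>org.apache.nifi.ldap.LdapProvider</class>
  <property name="Authentication Strategy">ANONYMOUS</property>
  <property name="TLS - Truststore"></property>
  <property name="Url">ldap://ldap.jumpcloud.com:389</property>
</provider></loginIdentityProviders>"""

# Same provider with START_TLS enforced; the truststore path is a placeholder.
HARDENED = WEAK.replace("ANONYMOUS", "START_TLS").replace(
    '"TLS - Truststore"></property>',
    '"TLS - Truststore">/path/to/truststore.jks</property>')

LDAP_CLASS = "org.apache.nifi.ldap.LdapProvider"

def audit_ldap_transport(xml_text):
    """Return a list of transport findings for every LdapProvider in the XML."""
    findings = []
    for provider in ET.fromstring(xml_text).iter("provider"):
        if (provider.findtext("class") or "").strip() != LDAP_CLASS:
            continue
        props = {p.get("name"): (p.text or "").strip()
                 for p in provider.iter("property")}
        strategy = props.get("Authentication Strategy", "").upper()
        truststore = props.get("TLS - Truststore", "")
        # The Url property may hold several space-separated URLs.
        for url in props.get("Url", "").split():
            scheme = urlparse(url).scheme.lower()
            if scheme == "ldap" and strategy != "START_TLS":
                findings.append(f"{url}: plaintext LDAP with strategy "
                                f"{strategy or 'unset'}; bind credentials are not encrypted")
            if scheme == "ldaps" and strategy != "LDAPS":
                findings.append(f"{url}: ldaps:// URL but strategy is {strategy or 'unset'}")
        if strategy in ("START_TLS", "LDAPS") and not truststore:
            findings.append("TLS strategy set but 'TLS - Truststore' is empty; "
                            "confirm how the server certificate is trusted")
    return findings

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_ldap_transport(text) or "no findings")
```
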





Re: Integrating nifi with cloud based LDAP JumpCloud

2018-04-09 Thread Scott Howell
That is what is inside of 

> On Apr 9, 2018, at 3:03 PM, Scott Howell  wrote:
> 
> Yep let me send it over.
> 
> 
>ldap-provider
>org.apache.nifi.ldap.LdapProvider
>ANONYMOUS
> 
>uid=nifi,ou=Users,o={redacted},dc=jumpcloud,dc=com
>
>
>
>
>
>
>
>
>
> 
>FOLLOW
>10 secs
>10 secs
> 
>ldap://ldap.jumpcloud.com:389
>ou=Users,o={redacted},dc=jumpcloud,dc=com
>uid={0}
> 
>USE_USERNAME
>12 hours
>
> 
> 
> 
>> On Apr 9, 2018, at 3:01 PM, Kevin Doran  wrote:
>> 
>> Scott,
>> 
>> I've never implemented NiFi with JumpCloud, but speculating as to what could 
>> be the cause of your error, it could be the User Search Base/Filter 
>> configuration values. Can you share the contents of your 
>> login-identity-providers.xml (removing any sensitive values such as ldap 
>> credentials)?
>> 
>> Thanks,
>> Kevin
>> 
>> On 4/9/18, 14:53, "Scott Howell"  wrote:
>> 
>>   I was wondering if there was anyone on the user group that had 
>> successfully integrated their NIFI authentication to work with Jumpcloud 
>> LDAP. I have followed the steps Jumpcloud provides with adding the correct 
>> credentials to the NIFI login-identity-providers.xml but I am getting an 
>> error of “Unable to validate the supplied credentials. Please contact the 
>> system administrator.” In the UI in my nifi-user.log I am seeing [LDAP: 
>> error code 32 - No Such Object] when it's trying to look up the LDAP user.
>> 
>>   Scott
>> 
>> 
> 



Re: Integrating nifi with cloud based LDAP JumpCloud

2018-04-09 Thread Scott Howell
Yep let me send it over.


ldap-provider
org.apache.nifi.ldap.LdapProvider
ANONYMOUS

uid=nifi,ou=Users,o={redacted},dc=jumpcloud,dc=com










FOLLOW
10 secs
10 secs

ldap://ldap.jumpcloud.com:389
ou=Users,o={redacted},dc=jumpcloud,dc=com
uid={0}

USE_USERNAME
12 hours




> On Apr 9, 2018, at 3:01 PM, Kevin Doran  wrote:
> 
> Scott,
> 
> I've never implemented NiFi with JumpCloud, but speculating as to what could 
> be the cause of your error, it could be the User Search Base/Filter 
> configuration values. Can you share the contents of your 
> login-identity-providers.xml (removing any sensitive values such as ldap 
> credentials)?
> 
> Thanks,
> Kevin
> 
> On 4/9/18, 14:53, "Scott Howell"  wrote:
> 
>I was wondering if there was anyone on the user group that had 
> successfully integrated their NIFI authentication to work with Jumpcloud 
> LDAP. I have followed the steps Jumpcloud provides with adding the correct 
> credentials to the NIFI login-identity-providers.xml but I am getting an 
> error of “Unable to validate the supplied credentials. Please contact the 
> system administrator.” In the UI in my nifi-user.log I am seeing [LDAP: error 
> code 32 - No Such Object] when it's trying to look up the LDAP user.
> 
>Scott
> 
> 



Re: Integrating nifi with cloud based LDAP JumpCloud

2018-04-09 Thread Kevin Doran
Scott,

I've never implemented NiFi with JumpCloud, but speculating as to what could be 
the cause of your error, it could be the User Search Base/Filter configuration 
values. Can you share the contents of your login-identity-providers.xml 
(removing any sensitive values such as ldap credentials)?

Thanks,
Kevin

On 4/9/18, 14:53, "Scott Howell"  wrote:

I was wondering if there was anyone on the user group that had successfully 
integrated their NIFI authentication to work with Jumpcloud LDAP. I have 
followed the steps Jumpcloud provides with adding the correct credentials to 
the NIFI login-identity-providers.xml but I am getting an error of “Unable 
to validate the supplied credentials. Please contact the system administrator.” 
In the UI in my nifi-user.log I am seeing [LDAP: error code 32 - No Such 
Object] when it's trying to look up the LDAP user.

Scott