Hi Ryan,
You’ll need to add the DN for your cluster nodes as “Initial User Identities” to the file-user-group-provider in authorizers.xml. I.e.: <property name="Initial User Identity 1"> CN=my-node-1, OU=NIFI </property> <property name="Initial User Identity 2"> CN=my-node-2, OU=NIFI </property> Let me know if you have any other questions! Cheers, Kevin From: Ryan H <[email protected]> Reply-To: <[email protected]> Date: Saturday, February 17, 2018 at 17:22 To: <[email protected]> Subject: NiFi 1.5.0 Secure Cluster: Unable to locate node CN=node-1, OU=NIFI to seed policies Hi Users, I am trying to setup a 3 node secure cluster and running into the following error: org.apache.nifi.authorization.exception.AuthorizerCreationException: org.apache.nifi.authorization.exception.AuthorizerCreationException: Unable to locate node CN=my-node-1, OU=NIFI to seed policies. I scaled it back and tried to just get a single node secure cluster working for ease of troubleshooting and get the same error. I've tried adding/removing the space in the DN just in case, but it seems that my node identity is parsing to null for whatever reason (based on the source code where the error is being thrown from ''FileAccessPolicyProvider.populateNodes()") Any help is always appreciated! Cheers, Ryan H My Config: authorizers.xml <authorizers> <userGroupProvider> <identifier>file-user-group-provider</identifier> <class>org.apache.nifi.authorization.FileUserGroupProvider</class> <property name="Users File">./conf/users.xml</property> <property name="Legacy Authorized Users File"></property> <property name="Initial User Identity 1">CN=admin, OU=NIFI</property> </userGroupProvider> <accessPolicyProvider> <identifier>file-access-policy-provider</identifier> <class>org.apache.nifi.authorization.FileAccessPolicyProvider</class> <property name="User Group Provider">file-user-group-provider</property> <property name="Authorizations File">./conf/authorizations.xml</property> <property name="Initial Admin Identity">CN=admin, OU=NIFI</property> <property name="Legacy Authorized Users File"></property> <property name="Node Identity 1">CN=my-node-1, OU=NIFI</property> </accessPolicyProvider> </authorizers> nifi.properties # web properties # nifi.web.war.directory=./lib nifi.web.http.host= nifi.web.http.port= nifi.web.http.network.interface.default= nifi.web.https.host=my-node-1 nifi.web.https.port=8443 nifi.web.https.network.interface.default= nifi.web.jetty.working.directory=./work/jetty nifi.web.jetty.threads=200 nifi.web.max.header.size=16 KB nifi.web.proxy.context.path= # security properties # nifi.sensitive.props.key= nifi.sensitive.props.key.protected= nifi.sensitive.props.algorithm=PBEWITHMD5AND256BITAES-CBC-OPENSSL nifi.sensitive.props.provider=BC nifi.sensitive.props.additional.keys= nifi.security.keystore=./keystore.jks nifi.security.keystoreType=jks nifi.security.keystorePasswd=generated-password nifi.security.keyPasswd=generated-password nifi.security.truststore=./truststore.jks nifi.security.truststoreType=jks nifi.security.truststorePasswd=generated-password nifi.security.needClientAuth=true nifi.security.user.authorizer=managed-authorizer nifi.security.user.login.identity.provider= nifi.security.ocsp.responder.url= nifi.security.ocsp.responder.certificate=
