If everything is configured correctly, this error usually indicates that the
server did not locate your login credentials when processing the login request.
That usually means it will not even attempt to authenticate the credentials, so
I'm not sure it is an LDAP configuration error.
If you want to check this manually using developer tools in a browser (e.g.,
Chrome or Firefox) you can look at the HTTP traffic to see if credentials are
being passed to the server. NiFi Registry uses the HTTP Basic Auth protocol to
login (credentials are encoded in the Authorization header and passed to the
server from the login page to generate a temporary authentication token).
So after clicking "Login", you should look for an HTTP POST to
<base_url>/nifi-registry-api/access/token/login, which should have an
"Authorization" header with the value "Basic {encoded-username-and-password}"
If the credentials are there, it is likely something is misconfigured on the
server side with the identity provider so that login credentials are not even
being looked for. If the credentials are not there... well I've never seen
that. I would probably as if your NiFi Registry Server running behind a load
balancer or proxy that could be interfering with HTTP headers?
What version of NiFi Registry are you using? 0.1.0 or a version built from
source?
Hope this helps,
Kevin
On 4/10/18, 14:59, "Scott Howell" <[email protected]> wrote:
Yes I did, I had Nifi-registry working with a local instances of LDAP
running. It’s now not cooperating since I moved to using Jumpcloud.
> On Apr 10, 2018, at 1:56 PM, Kevin Doran <[email protected]> wrote:
>
> Hi Scott,
>
> Did you configure nifi-registry.properties with:
>
> nifi.registry.security.identity.provider=ldap-identity-provider
>
> On 4/10/18, 14:53, "Scott Howell" <[email protected]> wrote:
>
> Thanks for the all the help yesterday standing up LDAP for NIFI. I was
able to troubleshoot and fix the issues myself. I am running into a unique
issue with my Nifi-Registry when I try to login with my LDAP credentials like I
do for the nifi cluster I get in my logs with this:
>
> 2018-04-10 18:43:15,303 INFO [NiFi Registry Web Server-18]
o.a.n.r.w.s.NiFiRegistrySecurityConfig AuthenticationEntryPoint invoked as no
user identity credentials were found in the request.
>
> My identity-providers.xml is this:
> <identityProviders>
> <provider>
> <identifier>ldap-identity-provider</identifier>
<class>org.apache.nifi.registry.security.ldap.LdapIdentityProvider</class>
> <property name="Authentication
Strategy">START_TLS</property>
> <property name="Manager
DN">uid=nifi,ou=Users,o={redacted},dc=jumpcloud,dc=com</property>
> <property name="Manager
Password">{redacted}</property>
> <property name="TLS - Keystore”>
> </property>
> <property name="TLS - Keystore
Password"></property>
> <property name="TLS - Keystore Type"></property>
> <property name="TLS -
Truststore">/opt/certs/jumpcloud.jks</property>
> <property name="TLS - Truststore
Password">{redacted}</property>
> <property name="TLS - Truststore
Type">JKS</property>
> <property name="TLS - Client Auth"></property>
> <property name="TLS -
Protocol">TLSv1.2</property>
> <property name="TLS - Shutdown
Gracefully"></property>
> <property name="Referral
Strategy">FOLLOW</property>
> <property name="Connect Timeout">10
secs</property>
> <property name="Read Timeout">10 secs</property>
> <property
name="Url">ldap://ldap.jumpcloud.com:389</property>
> <property name="User Search
Base">ou=Users,o={redacted},dc=jumpcloud,dc=com</property>
> <property name="User Search
Filter">uid={0}</property>
> <property name="Identity
Strategy">USE_USERNAME</property>
> <property name="Authentication Expiration">12
hours</property>
> </provider>
> </identityProviders>
>
> For the most part I grabbed most of this from my Nifi node
login-identity-providers.xml but I seem to have something messed up.
>
>
