Hi,
I would like to state that I am not NiFi-savvy or LDAP-savvy by any means. I am having issues setting up my local NiFi instance with an LDAP provided to me (I can assure you that there are no issues with the LDAP, as I use it for other services). The outline of my issue is stated below:

Use Case: Force users to log in before accessing the site (if they have permissions). Users should be authenticated through the LDAP that the NiFi is set up to point to.

Setup:

1. I've set up a local instance (localhost:8080/nifi) of NiFi 1.9.0 and have no issues accessing the GUI. (I am running on Windows.)
2. I followed an article (https://community.hortonworks.com/articles/58233/using-the-tls-toolkit-to-simplify-security.html) to get HTTPS set up on my local instance and the next necessary steps (set up Initial Admin) to have a working NiFi instance with an admin user. It worked and I had no issues using the instance with my Admin user.
3. I followed Pierre Villard's article (https://pierrevillard.com/2017/01/24/integration-of-nifi-with-ldap/) to get NiFi set up with a local LDAP server, which worked fine.
4. I tried getting NiFi set up with an LDAP I've been provided (the LDAP address and specific search base filters) using an Anonymous authentication strategy (I've attempted with SIMPLE and ran into other issues, but cannot confirm that the user I used had User Authentication permissions), but I receive an error when trying to log in as a user.

NOTE: When I am using the Anonymous authentication strategy I have no Manager DN set (could this be the issue?)

Error:

Caused by: org.apache.nifi.authentication.exception.IdentityAccessException: Unable to validate the supplied credentials. Please contact the system administrator.
    at org.apache.nifi.ldap.LdapProvider.authenticate(LdapProvider.java:340)
    at org.apache.nifi.web.security.spring.LoginIdentityProviderFactoryBean$1.authenticate(LoginIdentityProviderFactoryBean.java:315)
    at org.apache.nifi.web.api.AccessResource.createAccessToken(AccessResource.java:728)
    ... 83 common frames omitted
Caused by: org.springframework.security.authentication.InternalAuthenticationServiceException: (ADDRESS:PORT); socket closed; nested exception is javax.naming.ServiceUnavailableException: (ADDRESS:PORT); socket closed
    at org.springframework.security.ldap.authentication.LdapAuthenticationProvider.doAuthentication(LdapAuthenticationProvider.java:206)
    at org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider.authenticate(AbstractLdapAuthenticationProvider.java:85)
    at org.apache.nifi.ldap.LdapProvider.authenticate(LdapProvider.java:310)
    ... 85 common frames omitted

Are there specific LDAP configurations that I need to know/set? I have very limited access to the information I know from the provided LDAP.

Thanks,
User
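
An added example, not part of the original message and not NiFi's own code: a small lint for the ldap-provider entry in conf/login-identity-providers.xml that reviews the settings the question turns on (Authentication Strategy, Manager DN, Url). The sample file, host name and DNs are constructed placeholders, and the rules are this example's own heuristics rather than NiFi's validation.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample of conf/login-identity-providers.xml; host and DNs are placeholders.
SAMPLE = """<loginIdentityProviders>
  <provider>
    <identifier>ldap-provider</identifier>
    <class>org.apache.nifi.ldap.LdapProvider</class>
    <property name="Authentication Strategy">ANONYMOUS</property>
    <property name="Manager DN"></property>
    <property name="Manager Password"></property>
    <property name="Url">ldap://ldap.example.internal:636</property>
    <property name="User Search Base">ou=people,dc=example,dc=internal</property>
    <property name="User Search Filter">uid={0}</property>
  </provider>
</loginIdentityProviders>"""

def ldap_props(xml_text):
    """Return {property name: value} for the LdapProvider entry."""
    for prov in ET.fromstring(xml_text).iter("provider"):
        if (prov.findtext("class") or "").strip() == "org.apache.nifi.ldap.LdapProvider":
            return {p.get("name"): (p.text or "").strip() for p in prov.iter("property")}
    raise ValueError("no LdapProvider entry found")

def review(props):
    """Heuristic findings (this example's own rules, not NiFi's validation)."""
    strategy = props.get("Authentication Strategy", "").upper()
    url = urlparse(props.get("Url", ""))
    has_manager = bool(props.get("Manager DN")) and bool(props.get("Manager Password"))
    out = []
    if strategy == "ANONYMOUS":
        out.append("ANONYMOUS: Manager DN is not used; the directory must allow unauthenticated user search")
    elif strategy in ("SIMPLE", "LDAPS", "START_TLS") and not has_manager:
        out.append(strategy + ": Manager DN and Manager Password are required")
    if url.scheme == "ldap" and strategy in ("ANONYMOUS", "SIMPLE"):
        out.append("ldap:// without TLS: user passwords cross the network in cleartext")
    if (url.scheme == "ldap" and url.port == 636) or (url.scheme == "ldaps" and url.port == 389):
        out.append("scheme/port mismatch: 636 is conventionally LDAPS, 389 plain LDAP or StartTLS")
    if "{0}" not in props.get("User Search Filter", ""):
        out.append("User Search Filter has no {0} placeholder for the login name")
    return out

if __name__ == "__main__":
    for finding in review(ldap_props(SAMPLE)):
        print("-", finding)
```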
