Yes Pierre, I have made sure the organization was correct using another
LDAP browser.
Let me make sure by replaying the involved part of code.
From that stack trace, the deeper NiFi code invocation is
nifi-runner_1 | Caused by:
org.springframework.ldap.OperationNotSupportedException: [LDAP: error
code 12 - Unavailable Critical Extension]; nested exception is
javax.naming.OperationNotSupportedException: [LDAP: error code 12 -
Unavailable Critical Extension]; remaining name 'o=corp.mycompany.com'
nifi-runner_1 | at
org.apache.nifi.ldap.tenants.LdapUserGroupProvider.load(LdapUserGroupProvider.java:493)
nifi-runner_1 | at
org.apache.nifi.ldap.tenants.LdapUserGroupProvider.onConfigured(LdapUserGroupProvider.java:387)
which seems to load users from LDAP.
More precisely, the error line seems to be
userList.addAll(ldapTemplate.search(userSearchBase, userFilter.encode(),
userControls, new AbstractContextMapper<User>() {
where
- userSearchBase is "o=corp.mycompany.com"
- userFilter is
(&(objectclass=privPerson)(&(objectclass=privPerson)(uid={0}))) yup, a
redundant condition, so I've changed the search filter
So, after having talked with the LDAP team in mycompany, we finally
discovered the LDAP directory didn't support the paging mechanism
implemented in NiFi. I removed the paging attribute, and it worked!
On 18/07/2019 at 15:54, Pierre Villard wrote:
Hi Nicolas,
It looks like an LDAP issue: LDAP: error code 12 - Unavailable Critical
Extension.
Are you sure about the LDAP tree structure you have? Is the
organization correct 'o=corp.mycompany.com'?
Thanks,
Pierre
On Thu, 18 Jul 2019 at 15:36, Nicolas Delsaux <[email protected]> wrote:
Hello,
I'm trying to use LDAP authentication and am having a weird exception
nifi-runner_1 | 2019-07-18 13:26:03,076 INFO [main]
org.eclipse.jetty.server.Server Started @22069ms
nifi-runner_1 | 2019-07-18 13:26:03,080 WARN [main]
org.apache.nifi.web.server.JettyServer Failed to start web
server... shutting down.
nifi-runner_1 |
org.springframework.beans.factory.UnsatisfiedDependencyException:
Error creating bean with name
'org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration':
Unsatisfied dependency expressed through method
'setFilterChainProxySecurityConfigurer' parameter 1; nested
exception is
org.springframework.beans.factory.BeanExpressionException:
Expression parsing failed; nested exception is
org.springframework.beans.factory.UnsatisfiedDependencyException:
Error creating bean with name
'org.apache.nifi.web.NiFiWebApiSecurityConfiguration': Unsatisfied
dependency expressed through method 'setJwtAuthenticationProvider'
parameter 0; nested exception is
org.springframework.beans.factory.BeanCreationException: Error
creating bean with name 'jwtAuthenticationProvider' defined in
class path resource [nifi-web-security-context.xml]: Cannot
resolve reference to bean 'authorizer' while setting constructor
argument; nested exception is
org.springframework.beans.factory.BeanCreationException: Error
creating bean with name 'authorizer': FactoryBean threw exception
on object creation; nested exception is
org.springframework.ldap.OperationNotSupportedException: [LDAP:
error code 12 - Unavailable Critical Extension]; nested exception
is javax.naming.OperationNotSupportedException: [LDAP: error code
12 - Unavailable Critical Extension]; remaining name
'o=corp.mycompany.com'
nifi-runner_1 | at
org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredMethodElement.inject(AutowiredAnnotationBeanPostProcessor.java:666)
nifi-runner_1 | at
org.springframework.beans.factory.annotation.InjectionMetadata.inject(InjectionMetadata.java:87)
nifi-runner_1 | at
org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor.postProcessPropertyValues(AutowiredAnnotationBeanPostProcessor.java:366)
nifi-runner_1 | at
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1269)
nifi-runner_1 | at
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:551)
nifi-runner_1 | at
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:481)
nifi-runner_1 | at
org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:312)
nifi-runner_1 | at
org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
nifi-runner_1 | at
org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:308)
nifi-runner_1 | at
org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197)
nifi-runner_1 | at
org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:761)
nifi-runner_1 | at
org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:867)
nifi-runner_1 | at
org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:543)
nifi-runner_1 | at
org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:443)
nifi-runner_1 | at
org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:325)
nifi-runner_1 | at
org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:107)
nifi-runner_1 | at
org.eclipse.jetty.server.handler.ContextHandler.callContextInitialized(ContextHandler.java:953)
nifi-runner_1 | at
org.eclipse.jetty.servlet.ServletContextHandler.callContextInitialized(ServletContextHandler.java:558)
nifi-runner_1 | at
org.eclipse.jetty.server.handler.ContextHandler.startContext(ContextHandler.java:918)
nifi-runner_1 | at
org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:370)
nifi-runner_1 | at
org.eclipse.jetty.webapp.WebAppContext.startWebapp(WebAppContext.java:1497)
nifi-runner_1 | at
org.eclipse.jetty.webapp.WebAppContext.startContext(WebAppContext.java:1459)
nifi-runner_1 | at
org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:848)
nifi-runner_1 | at
org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:287)
nifi-runner_1 | at
org.eclipse.jetty.webapp.WebAppContext.doStart(WebAppContext.java:545)
nifi-runner_1 | at
org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
nifi-runner_1 | at
org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:138)
nifi-runner_1 | at
org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117)
nifi-runner_1 | at
org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:113)
nifi-runner_1 | at
org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
nifi-runner_1 | at
org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:138)
nifi-runner_1 | at
org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:108)
nifi-runner_1 | at
org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:113)
nifi-runner_1 | at
org.eclipse.jetty.server.handler.gzip.GzipHandler.doStart(GzipHandler.java:403)
nifi-runner_1 | at
org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
nifi-runner_1 | at
org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:138)
nifi-runner_1 | at
org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117)
nifi-runner_1 | at
org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:113)
nifi-runner_1 | at
org.eclipse.jetty.server.handler.ContextHandlerCollection.doStart(ContextHandlerCollection.java:167)
nifi-runner_1 | at
org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
nifi-runner_1 | at
org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:138)
nifi-runner_1 | at
org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117)
nifi-runner_1 | at
org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:113)
nifi-runner_1 | at
org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
nifi-runner_1 | at
org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:138)
nifi-runner_1 | at
org.eclipse.jetty.server.Server.start(Server.java:419)
nifi-runner_1 | at
org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:108)
nifi-runner_1 | at
org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:113)
nifi-runner_1 | at
org.eclipse.jetty.server.Server.doStart(Server.java:386)
nifi-runner_1 | at
org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
nifi-runner_1 | at
org.apache.nifi.web.server.JettyServer.start(JettyServer.java:935)
nifi-runner_1 | at org.apache.nifi.NiFi.<init>(NiFi.java:158)
nifi-runner_1 | at org.apache.nifi.NiFi.<init>(NiFi.java:72)
nifi-runner_1 | at org.apache.nifi.NiFi.main(NiFi.java:297)
nifi-runner_1 | Caused by:
org.springframework.beans.factory.BeanExpressionException:
Expression parsing failed; nested exception is
org.springframework.beans.factory.UnsatisfiedDependencyException:
Error creating bean with name
'org.apache.nifi.web.NiFiWebApiSecurityConfiguration': Unsatisfied
dependency expressed through method 'setJwtAuthenticationProvider'
parameter 0; nested exception is
org.springframework.beans.factory.BeanCreationException: Error
creating bean with name 'jwtAuthenticationProvider' defined in
class path resource [nifi-web-security-context.xml]: Cannot
resolve reference to bean 'authorizer' while setting constructor
argument; nested exception is
org.springframework.beans.factory.BeanCreationException: Error
creating bean with name 'authorizer': FactoryBean threw exception
on object creation; nested exception is
org.springframework.ldap.OperationNotSupportedException: [LDAP:
error code 12 - Unavailable Critical Extension]; nested exception
is javax.naming.OperationNotSupportedException: [LDAP: error code
12 - Unavailable Critical Extension]; remaining name
'o=corp.mycompany.com'
nifi-runner_1 | at
org.springframework.context.expression.StandardBeanExpressionResolver.evaluate(StandardBeanExpressionResolver.java:163)
nifi-runner_1 | at
org.springframework.beans.factory.support.AbstractBeanFactory.evaluateBeanDefinitionString(AbstractBeanFactory.java:1454)
nifi-runner_1 | at
org.springframework.beans.factory.support.DefaultListableBeanFactory.doResolveDependency(DefaultListableBeanFactory.java:1086)
nifi-runner_1 | at
org.springframework.beans.factory.support.DefaultListableBeanFactory.resolveDependency(DefaultListableBeanFactory.java:1064)
nifi-runner_1 | at
org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredMethodElement.inject(AutowiredAnnotationBeanPostProcessor.java:658)
nifi-runner_1 | ... 53 common frames omitted
nifi-runner_1 | Caused by:
org.springframework.beans.factory.UnsatisfiedDependencyException:
Error creating bean with name
'org.apache.nifi.web.NiFiWebApiSecurityConfiguration': Unsatisfied
dependency expressed through method 'setJwtAuthenticationProvider'
parameter 0; nested exception is
org.springframework.beans.factory.BeanCreationException: Error
creating bean with name 'jwtAuthenticationProvider' defined in
class path resource [nifi-web-security-context.xml]: Cannot
resolve reference to bean 'authorizer' while setting constructor
argument; nested exception is
org.springframework.beans.factory.BeanCreationException: Error
creating bean with name 'authorizer': FactoryBean threw exception
on object creation; nested exception is
org.springframework.ldap.OperationNotSupportedException: [LDAP:
error code 12 - Unavailable Critical Extension]; nested exception
is javax.naming.OperationNotSupportedException: [LDAP: error code
12 - Unavailable Critical Extension]; remaining name
'o=corp.mycompany.com'
nifi-runner_1 | at
org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredMethodElement.inject(AutowiredAnnotationBeanPostProcessor.java:666)
nifi-runner_1 | at
org.springframework.beans.factory.annotation.InjectionMetadata.inject(InjectionMetadata.java:87)
nifi-runner_1 | at
org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor.postProcessPropertyValues(AutowiredAnnotationBeanPostProcessor.java:366)
nifi-runner_1 | at
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1269)
nifi-runner_1 | at
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:551)
nifi-runner_1 | at
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:481)
nifi-runner_1 | at
org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:312)
nifi-runner_1 | at
org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
nifi-runner_1 | at
org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:308)
nifi-runner_1 | at
org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:202)
nifi-runner_1 | at
org.springframework.beans.factory.support.DefaultListableBeanFactory.getBeansOfType(DefaultListableBeanFactory.java:519)
nifi-runner_1 | at
org.springframework.beans.factory.support.DefaultListableBeanFactory.getBeansOfType(DefaultListableBeanFactory.java:508)
nifi-runner_1 | at
org.springframework.security.config.annotation.web.configuration.AutowiredWebSecurityConfigurersIgnoreParents.getWebSecurityConfigurers(AutowiredWebSecurityConfigurersIgnoreParents.java:53)
nifi-runner_1 | at
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
nifi-runner_1 | at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
nifi-runner_1 | at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
nifi-runner_1 | at
java.lang.reflect.Method.invoke(Method.java:498)
nifi-runner_1 | at
org.springframework.expression.spel.support.ReflectiveMethodExecutor.execute(ReflectiveMethodExecutor.java:117)
nifi-runner_1 | at
org.springframework.expression.spel.ast.MethodReference.getValueInternal(MethodReference.java:134)
nifi-runner_1 | at
org.springframework.expression.spel.ast.MethodReference.access$000(MethodReference.java:52)
nifi-runner_1 | at
org.springframework.expression.spel.ast.MethodReference$MethodValueRef.getValue(MethodReference.java:377)
nifi-runner_1 | at
org.springframework.expression.spel.ast.CompoundExpression.getValueInternal(CompoundExpression.java:88)
nifi-runner_1 | at
org.springframework.expression.spel.ast.SpelNodeImpl.getValue(SpelNodeImpl.java:121)
nifi-runner_1 | at
org.springframework.expression.spel.standard.SpelExpression.getValue(SpelExpression.java:257)
nifi-runner_1 | at
org.springframework.context.expression.StandardBeanExpressionResolver.evaluate(StandardBeanExpressionResolver.java:160)
nifi-runner_1 | ... 57 common frames omitted
nifi-runner_1 | Caused by:
org.springframework.beans.factory.BeanCreationException: Error
creating bean with name 'jwtAuthenticationProvider' defined in
class path resource [nifi-web-security-context.xml]: Cannot
resolve reference to bean 'authorizer' while setting constructor
argument; nested exception is
org.springframework.beans.factory.BeanCreationException: Error
creating bean with name 'authorizer': FactoryBean threw exception
on object creation; nested exception is
org.springframework.ldap.OperationNotSupportedException: [LDAP:
error code 12 - Unavailable Critical Extension]; nested exception
is javax.naming.OperationNotSupportedException: [LDAP: error code
12 - Unavailable Critical Extension]; remaining name
'o=corp.mycompany.com'
nifi-runner_1 | at
org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:359)
nifi-runner_1 | at
org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:108)
nifi-runner_1 | at
org.springframework.beans.factory.support.ConstructorResolver.resolveConstructorArguments(ConstructorResolver.java:634)
nifi-runner_1 | at
org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:145)
nifi-runner_1 | at
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:1198)
nifi-runner_1 | at
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1100)
nifi-runner_1 | at
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:511)
nifi-runner_1 | at
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:481)
nifi-runner_1 | at
org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:312)
nifi-runner_1 | at
org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
nifi-runner_1 | at
org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:308)
nifi-runner_1 | at
org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:202)
nifi-runner_1 | at
org.springframework.beans.factory.config.DependencyDescriptor.resolveCandidate(DependencyDescriptor.java:208)
nifi-runner_1 | at
org.springframework.beans.factory.support.DefaultListableBeanFactory.doResolveDependency(DefaultListableBeanFactory.java:1136)
nifi-runner_1 | at
org.springframework.beans.factory.support.DefaultListableBeanFactory.resolveDependency(DefaultListableBeanFactory.java:1064)
nifi-runner_1 | at
org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredMethodElement.inject(AutowiredAnnotationBeanPostProcessor.java:658)
nifi-runner_1 | ... 81 common frames omitted
nifi-runner_1 | Caused by:
org.springframework.beans.factory.BeanCreationException: Error
creating bean with name 'authorizer': FactoryBean threw exception
on object creation; nested exception is
org.springframework.ldap.OperationNotSupportedException: [LDAP:
error code 12 - Unavailable Critical Extension]; nested exception
is javax.naming.OperationNotSupportedException: [LDAP: error code
12 - Unavailable Critical Extension]; remaining name
'o=corp.mycompany.com'
nifi-runner_1 | at
org.springframework.beans.factory.support.FactoryBeanRegistrySupport.doGetObjectFromFactoryBean(FactoryBeanRegistrySupport.java:185)
nifi-runner_1 | at
org.springframework.beans.factory.support.FactoryBeanRegistrySupport.getObjectFromFactoryBean(FactoryBeanRegistrySupport.java:103)
nifi-runner_1 | at
org.springframework.beans.factory.support.AbstractBeanFactory.getObjectForBeanInstance(AbstractBeanFactory.java:1640)
nifi-runner_1 | at
org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:323)
nifi-runner_1 | at
org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197)
nifi-runner_1 | at
org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:351)
nifi-runner_1 | ... 96 common frames omitted
nifi-runner_1 | Caused by:
org.springframework.ldap.OperationNotSupportedException: [LDAP:
error code 12 - Unavailable Critical Extension]; nested exception
is javax.naming.OperationNotSupportedException: [LDAP: error code
12 - Unavailable Critical Extension]; remaining name
'o=corp.mycompany.com'
nifi-runner_1 | at
org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:212)
nifi-runner_1 | at
org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:397)
nifi-runner_1 | at
org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:328)
nifi-runner_1 | at
org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:629)
nifi-runner_1 | at
org.apache.nifi.ldap.tenants.LdapUserGroupProvider.load(LdapUserGroupProvider.java:493)
nifi-runner_1 | at
org.apache.nifi.ldap.tenants.LdapUserGroupProvider.onConfigured(LdapUserGroupProvider.java:387)
nifi-runner_1 | at
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
nifi-runner_1 | at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
nifi-runner_1 | at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
nifi-runner_1 | at
java.lang.reflect.Method.invoke(Method.java:498)
nifi-runner_1 | at
org.apache.nifi.authorization.UserGroupProviderInvocationHandler.invoke(UserGroupProviderInvocationHandler.java:38)
nifi-runner_1 | at
com.sun.proxy.$Proxy76.onConfigured(Unknown Source)
nifi-runner_1 | at
org.apache.nifi.authorization.AuthorizerFactoryBean.getObject(AuthorizerFactoryBean.java:139)
nifi-runner_1 | at
org.springframework.beans.factory.support.FactoryBeanRegistrySupport.doGetObjectFromFactoryBean(FactoryBeanRegistrySupport.java:178)
nifi-runner_1 | ... 101 common frames omitted
nifi-runner_1 | Caused by:
javax.naming.OperationNotSupportedException: [LDAP: error code 12
- Unavailable Critical Extension]
nifi-runner_1 | at
com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3214)
nifi-runner_1 | at
com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3100)
nifi-runner_1 | at
com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2891)
nifi-runner_1 | at
com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1846)
nifi-runner_1 | at
com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1769)
nifi-runner_1 | at
com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:392)
nifi-runner_1 | at
com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:358)
nifi-runner_1 | at
com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:341)
nifi-runner_1 | at
javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267)
nifi-runner_1 | at
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
nifi-runner_1 | at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
nifi-runner_1 | at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
nifi-runner_1 | at
java.lang.reflect.Method.invoke(Method.java:498)
nifi-runner_1 | at
org.springframework.ldap.core.support.SingleContextSource$NonClosingDirContextInvocationHandler.invoke(SingleContextSource.java:197)
nifi-runner_1 | at com.sun.proxy.$Proxy78.search(Unknown
Source)
nifi-runner_1 | at
org.springframework.ldap.core.LdapTemplate$4.executeSearch(LdapTemplate.java:322)
nifi-runner_1 | at
org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:363)
nifi-runner_1 | ... 113 common frames omitted
It seems like the LDAP server I'm trying to talk to doesn't
support some of the queries I try to send it. But what am I
doing wrong?
My authorizers.xml contains
<userGroupProvider>
    <identifier>ldap-user-group-provider</identifier>
    <class>org.apache.nifi.ldap.tenants.LdapUserGroupProvider</class>
    <property name="Authentication Strategy">LDAPS</property>
    <property name="Manager DN">myserviceaccount</property>
    <property name="Manager Password">mypassword</property>
    <property name="TLS - Keystore"></property>
    <property name="TLS - Keystore Password"></property>
    <property name="TLS - Keystore Type"></property>
    <property name="TLS - Truststore">/opt/certs/cacerts.jks</property>
    <property name="TLS - Truststore Password">changeit</property>
    <property name="TLS - Truststore Type">JKS</property>
    <property name="TLS - Client Auth"></property>
    <property name="TLS - Protocol">TLSv1</property>
    <property name="TLS - Shutdown Gracefully"></property>
    <property name="Referral Strategy">FOLLOW</property>
    <property name="Connect Timeout">10 secs</property>
    <property name="Read Timeout">10 secs</property>
    <property name="Url">ldaps://myserver.mycompany.com:636</property>
    <property name="Page Size">0</property>
    <property name="Sync Interval">30 mins</property>
    <property name="User Search Base">o=corp.mycompany.com</property>
    <property name="User Object Class">privPerson</property>
    <property name="User Search Scope">SUBTREE</property>
    <property name="User Search Filter">(&amp;(objectclass=privPerson)(uid={0}))</property>
    <property name="User Identity Attribute">uid</property>
    <property name="User Group Name Attribute"></property>
    <property name="User Group Name Attribute - Referenced Group Attribute"></property>
    <property name="Group Search Base"></property>
    <property name="Group Object Class">group</property>
    <property name="Group Search Scope">ONE_LEVEL</property>
    <property name="Group Search Filter"></property>
    <property name="Group Name Attribute"></property>
    <property name="Group Member Attribute"></property>
    <property name="Group Member Attribute - Referenced User Attribute"></property>
</userGroupProvider>
And my login-identity-providers contains
<provider>
    <identifier>ldap-provider</identifier>
    <class>org.apache.nifi.ldap.LdapProvider</class>
    <property name="Authentication Strategy">LDAPS</property>
    <property name="Manager DN">myserviceaccount</property>
    <property name="Manager Password">mypassword</property>
    <property name="TLS - Keystore"></property>
    <property name="TLS - Keystore Password"></property>
    <property name="TLS - Keystore Type"></property>
    <property name="TLS - Truststore">/opt/certs/cacerts.jks</property>
    <property name="TLS - Truststore Password">changeit</property>
    <property name="TLS - Truststore Type">JKS</property>
    <property name="TLS - Client Auth"></property>
    <property name="TLS - Protocol">TLSv1</property>
    <property name="TLS - Shutdown Gracefully"></property>
    <property name="Referral Strategy">FOLLOW</property>
    <property name="Connect Timeout">10 secs</property>
    <property name="Read Timeout">10 secs</property>
    <property name="Url">ldaps://myserver.mycompany.com:636</property>
    <property name="User Search Base">o=corp.mycompany.com</property>
    <property name="User Search Filter">(&amp;(objectclass=privPerson)(uid={0}))</property>
    <property name="Identity Strategy">USE_DN</property>
    <property name="Authentication Expiration">12 hours</property>
</provider>
Do you know what I did wrong?
Thanks!
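
Added example (not part of the original thread, and not NiFi code): a pre-flight check for the failure resolved at the top of this thread, comparing the `supportedControl` values a directory advertises on its root DSE with the `Page Size` property in `authorizers.xml`. The LDIF and XML samples are constructed from values in the thread, the function names are hypothetical, and treating any non-blank `Page Size` as a paging request is an assumption based on the fix reported here.

```python
import base64
import xml.etree.ElementTree as ET

# Simple Paged Results control (RFC 2696).
PAGED_RESULTS_OID = "1.2.840.113556.1.4.319"

# Constructed sample: LDIF from a base-scope search on the root DSE, e.g.
#   ldapsearch -x -H ldaps://myserver.mycompany.com:636 -s base -b "" supportedControl
# This directory does not list the paged results control.
ROOT_DSE_LDIF = """\
dn:
supportedControl: 2.16.840.1.113730.3.4.2
supportedControl: 1.3.6.1.4.1.4203.1.10.1
"""

# Constructed sample: trimmed authorizers.xml using the values posted in the thread.
AUTHORIZERS_XML = """\
<authorizers>
  <userGroupProvider>
    <identifier>ldap-user-group-provider</identifier>
    <class>org.apache.nifi.ldap.tenants.LdapUserGroupProvider</class>
    <property name="Url">ldaps://myserver.mycompany.com:636</property>
    <property name="Page Size">0</property>
    <property name="User Search Base">o=corp.mycompany.com</property>
    <property name="User Search Filter">(&amp;(objectclass=privPerson)(uid={0}))</property>
  </userGroupProvider>
</authorizers>
"""


def unfold(ldif):
    """Join LDIF continuation lines (a leading single space continues the previous line)."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def supported_controls(ldif):
    """Return the set of control OIDs advertised in a root DSE LDIF dump."""
    oids = set()
    for line in unfold(ldif):
        if line.startswith("#") or ":" not in line:
            continue
        attr, _, value = line.partition(":")
        if attr.strip().lower() != "supportedcontrol":
            continue
        if value.startswith(":"):  # "attr:: <base64>" form
            value = base64.b64decode(value[1:].strip()).decode("ascii")
        oids.add(value.strip())
    return oids


def paging_requests(authorizers_xml):
    """Return (provider identifier, Page Size) for every provider with a non-blank Page Size.

    Assumption: any non-blank value counts as a paging request (the thread's
    config had Page Size 0 and only removing the property fixed the startup).
    """
    root = ET.fromstring(authorizers_xml)
    found = []
    for provider in root.iter("userGroupProvider"):
        ident = (provider.findtext("identifier") or "").strip()
        for prop in provider.findall("property"):
            if prop.get("name") == "Page Size" and (prop.text or "").strip():
                found.append((ident, prop.text.strip()))
    return found


def check(authorizers_xml, root_dse_ldif):
    """List providers that request paging against a directory that does not advertise it."""
    if PAGED_RESULTS_OID in supported_controls(root_dse_ldif):
        return []
    return [
        f"{ident}: Page Size={size} is set but the directory does not advertise "
        f"{PAGED_RESULTS_OID}; the search may fail with LDAP error code 12"
        for ident, size in paging_requests(authorizers_xml)
    ]


if __name__ == "__main__":
    for finding in check(AUTHORIZERS_XML, ROOT_DSE_LDIF):
        print(finding)
```

Some directories expose the root DSE only to authenticated binds, so the `ldapsearch` may need to run with the same Manager DN that NiFi uses.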