Setup
A cluster of a few NiFi boxes set up to authenticate with LDAP; users and groups are in LDAP.

Issue 1: Unable to specify an LDAP user as Initial User

I have only been able to set up the cluster with a client certificate user.

Issue 2: I am unable to use the API with the initial certificate user to add an LDAP group.

I exported the cert and key into a usable format for curl:

    # openssl pkcs12 -in /opt/nifi-certs/CN\=admin_OU\=NIFI.p12 -out /opt/nifi-certs/CN\=admin_OU\=NIFI.key -nocerts -nodes
    # openssl pkcs12 -in /opt/nifi-certs/CN\=admin_OU\=NIFI.p12 -out /opt/nifi-certs/CN\=admin_OU\=NIFI.pem -clcerts -nokeys -passin pass:changeme

I am able to query the API:

    curl -k -X GET https://nifi01-sst140.dev.cloud.ace:9443/nifi-api/policies/read/flow --cert /opt/nifi-certs/CN=admin_OU=NIFI.pem --key /opt/nifi-certs/CN=admin_OU=NIFI.key --compressed

But I am unable to change or add via the API:

    curl -k -X PUT -H 'Content-Type: application/json' https://nifi01-sst140.dev.cloud.ace:9443/nifi-api/policies/f99bccd1-a30e-3e4a-98a2-dbc708edc67f --cert /opt/nifi-certs/CN=admin_OU=NIFI.pem --key /opt/nifi-certs/CN=admin_OU=NIFI.key -d @/tmp/newpolicy.json

    Unable to save Authorizations

I cannot create a token for a cert user:

    curl -k -X POST 'https://nifi01-sst140.dev.cloud.ace:9443/nifi-api/access/token' -H 'Accept-Encoding: gzip, deflate, br' -H 'Content-Type: application/x-www-form-urlencoded; charset=UTF-8' -H 'Accept: */*' --cert /opt/nifi-certs/CN\=admin_OU\=NIFI.pem --key /opt/nifi-certs/CN\=admin_OU\=NIFI.key --compressed

    The username and password must be specified.
