Hello,

Issue #1 - You should be able to specify an LDAP user as your initial
admin. What is the error you get?

Keep in mind it is case and white-space sensitive, and also depends on
whether you are returning full DN or short name; it must match exactly.

Issue #2 - Since you are able to query the API with the client cert, it
seems like your cert is set up correctly.

Is there an error in nifi-app.log or nifi-user.log when you try to modify
the policy? Can you modify policies through the UI without issues?

Tokens are only issued for login methods that are based on username and
password, so it is expected behavior that you could not issue one for a
cert user.

Thanks,

Bryan


On Sun, Aug 4, 2019 at 8:30 PM Felipe Garcia <fel...@garcia-lind.com> wrote:

> Setup
>
>
> a cluster of a few nifi boxes
>
>
> setup to authenticate with LDAP
>
> users and groups in LDAP
>
>
> Issue 1: unable to specify an LDAP user as Initial User
>
>
> I have only been able to set up the cluster with a client certificate user.
>
>
> Issue 2: I am unable to use the API with the initial certificate user to
> add an LDAP group.
>
>
> I exported the cert and key into a usable format for curl
>
>
> # openssl pkcs12 -in /opt/nifi-certs/CN\=admin_OU\=NIFI.p12 \
>     -out /opt/nifi-certs/CN\=admin_OU\=NIFI.key -nocerts -nodes
>
> # openssl pkcs12 -in /opt/nifi-certs/CN\=admin_OU\=NIFI.p12 \
>     -out /opt/nifi-certs/CN\=admin_OU\=NIFI.pem -clcerts -nokeys \
>     -passin pass:changeme
>
>
> I am able to query the API
>
>
> curl -k -X GET \
>     https://nifi01-sst140.dev.cloud.ace:9443/nifi-api/policies/read/flow \
>     --cert /opt/nifi-certs/CN=admin_OU=NIFI.pem \
>     --key /opt/nifi-certs/CN=admin_OU=NIFI.key --compressed
>
>
>
> But I am unable to change or add via the API
>
>
> curl -k -X PUT -H 'Content-Type: application/json' \
>     https://nifi01-sst140.dev.cloud.ace:9443/nifi-api/policies/f99bccd1-a30e-3e4a-98a2-dbc708edc67f \
>     --cert /opt/nifi-certs/CN=admin_OU=NIFI.pem \
>     --key /opt/nifi-certs/CN=admin_OU=NIFI.key -d @/tmp/newpolicy.json
>
> Unable to save Authorizations
>
>
>
> I cannot create a token for a cert user
>
>
> curl -k -X POST 'https://nifi01-sst140.dev.cloud.ace:9443/nifi-api/access/token' \
>     -H 'Accept-Encoding: gzip, deflate, br' \
>     -H 'Content-Type: application/x-www-form-urlencoded; charset=UTF-8' \
>     -H 'Accept: */*' \
>     --cert /opt/nifi-certs/CN\=admin_OU\=NIFI.pem \
>     --key /opt/nifi-certs/CN\=admin_OU\=NIFI.key --compressed
>
> The username and password must be specified.
>
>
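
An added example, not part of the original thread and not NiFi code: a small diagnostic for the exact-match rule described in the reply to Issue #1. It compares the initial admin string you configured against the identity string your LDAP login actually yields and reports which kind of mismatch (whitespace, case, or full DN versus short name) is present. The function names and the sample identities are constructed for illustration.

```python
import re

def is_dn(identity):
    """True if the string looks like a distinguished name (attr=value,...)."""
    return re.match(r'\s*\w+\s*=', identity) is not None

def normalize_dn(identity):
    """Comparison-only form: trim each RDN, drop spaces around '=', lower-case."""
    parts = [p.strip() for p in re.split(r'(?<!\\),', identity)]
    return ",".join(re.sub(r'\s*=\s*', '=', p, count=1) for p in parts).lower()

def short_name(identity):
    """Value of the first RDN when given a DN, otherwise the trimmed string."""
    m = re.match(r'\s*\w+\s*=\s*([^,]+)', identity)
    return m.group(1).strip() if m else identity.strip()

def diagnose(configured, authenticated):
    """Explain why the configured initial admin does or does not match."""
    if configured == authenticated:
        return "exact match"
    if configured.strip() == authenticated.strip():
        return "leading/trailing whitespace differs"
    if configured.lower() == authenticated.lower():
        return "case differs"
    if normalize_dn(configured) == normalize_dn(authenticated):
        return "whitespace (and possibly case) inside the DN differs"
    if (is_dn(configured) != is_dn(authenticated)
            and short_name(configured).lower() == short_name(authenticated).lower()):
        return "full DN vs short name"
    return "different identity"

if __name__ == "__main__":
    # Constructed sample pairs: (configured initial admin, identity after login)
    samples = [
        ("cn=jdoe,ou=people,dc=example,dc=org", "jdoe"),
        ("CN=jdoe, OU=People, DC=example, DC=org",
         "cn=jdoe,ou=people,dc=example,dc=org"),
        ("JDoe", "jdoe"),
        ("jdoe ", "jdoe"),
    ]
    for configured, authenticated in samples:
        print(repr(configured), "vs", repr(authenticated), "->",
              diagnose(configured, authenticated))
```

Only "exact match" means the configured value will be recognised; every other result names what to correct in the configured string.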
