Yes.
I'm logging in to the NiFi WebUI with one AD user, which I configured as both
"Initial User Identity 1" and "Initial Admin Identity" in authorizers.xml.
But in my ./conf/login-identity-providers.xml I configured another AD user as
follows:
<provider>
    <identifier>ldap-provider</identifier>
    <class>org.apache.nifi.ldap.LdapProvider</class>
    <property name="Authentication Strategy">SIMPLE</property>
    <property name="Manager DN">CN=My Name 2,OU=MyOU,DC=MyDomain</property>
    <property name="Manager Password">MYPASSWORD</property>
    <property name="TLS - Keystore"></property>
    <property name="TLS - Keystore Password"></property>
    <property name="TLS - Keystore Type"></property>
    <property name="TLS - Truststore"></property>
    <property name="TLS - Truststore Password"></property>
    <property name="TLS - Truststore Type"></property>
    <property name="TLS - Client Auth"></property>
    <property name="TLS - Protocol"></property>
    <property name="TLS - Shutdown Gracefully"></property>
    <property name="Referral Strategy">FOLLOW</property>
    <property name="Connect Timeout">10 secs</property>
    <property name="Read Timeout">10 secs</property>
    <property name="Url"></property>
    <property name="User Search Base"> OU=MyOU,DC=MyDomain</property>
    <property name="User Search Filter">sAMAccountName={0}</property>
    <property name="Identity Strategy">USE_DN</property>
    <property name="Authentication Expiration">12 hours</property>
</provider>
From: Josh Friberg <[email protected]>
Sent: Thursday, February 22, 2024 4:33 PM
To: [email protected]
Subject: Re: Insufficient Permissions - Unable to view the user interface - at
WebUI
Did you use a different user to set up LDAP than the AD user you're trying to
log in with now?
On Thu, Feb 22, 2024 at 6:59 AM Alexei Rozenvaser <[email protected]> wrote:
Hi Everyone
I have a brand new installation of NiFi 2.0.
I configured LDAP user authentication.
I have my AD DN defined as both "Initial User Identity 1" and "Initial Admin
Identity" in authorizers.xml.
1. Now I can launch the NiFi server successfully.
2. I can successfully log in to NiFi's webUI with my AD user
3. But I get: "Insufficient Permissions" - "Unable to view the user
interface." at WebUI
4. There is an AccessDeniedExceptionMapper identity [cn=My
Name,ou=MyOU,DC=MyDC], group[] does not have permission to access the requested
resource. Unable to view the user interface. Returning Forbidden response.
entry at nifi-user.log
If I understand the situation correctly, I can pass the authentication phase but
my user wasn't authorized for UI access?
What should I check first?
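
A check that fits the symptom above, as an added example that is not part of the original thread or of NiFi itself: compare the identity reported in nifi-user.log with the "Initial Admin Identity" and "Initial User Identity N" values in authorizers.xml, flagging values that differ only in case or spacing. It assumes identities are compared as exact, case-sensitive strings and that no identity mapping is configured in nifi.properties; the authorizers.xml content and the function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed authorizers.xml using the property names from the thread.
AUTHORIZERS_XML = """<authorizers>
  <userGroupProvider>
    <identifier>file-user-group-provider</identifier>
    <property name="Initial User Identity 1">CN=My Name,OU=MyOU,DC=MyDC</property>
  </userGroupProvider>
  <accessPolicyProvider>
    <identifier>file-access-policy-provider</identifier>
    <property name="Initial Admin Identity">CN=My Name,OU=MyOU,DC=MyDC</property>
  </accessPolicyProvider>
</authorizers>"""

# Constructed log line modelled on the nifi-user.log entry quoted in the thread.
LOG_LINE = ("identity[cn=My Name,ou=MyOU,DC=MyDC], groups[] does not have permission "
            "to access the requested resource. Unable to view the user interface.")

def configured_identities(xml_text):
    """Map property name -> value for every 'Initial ... Identity' property."""
    root = ET.fromstring(xml_text)
    return {p.get("name"): (p.text or "")
            for p in root.iter("property")
            if re.fullmatch(r"Initial (Admin|User) Identity( \d+)?", p.get("name", ""))}

def denied_identity(log_line):
    """Extract the identity from an 'identity[...]' access-denied log entry."""
    m = re.search(r"identity\s*\[(.*?)\]", log_line)
    return m.group(1) if m else None

def normalise(dn):
    """Lower-case and trim each RDN; used only to detect near-misses."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def compare(xml_text, log_line):
    """Return {property: 'exact' | 'near-miss' | 'different'} for the denied identity."""
    who = denied_identity(log_line)
    if who is None:
        return {}
    return {name: "exact" if value == who
            else "near-miss" if normalise(value) == normalise(who)
            else "different"
            for name, value in configured_identities(xml_text).items()}

if __name__ == "__main__":
    for name, verdict in compare(AUTHORIZERS_XML, LOG_LINE).items():
        print(f"{name}: {verdict}")
```

A "near-miss" verdict means the configured string and the logged identity name the same DN but are not character-for-character equal.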