LDAP authentication problem: unable to log in to the NiFi UI


NiFi application log:

2019-02-07 15:24:40,475 ERROR [NiFi Web Server-22] org.apache.nifi.ldap.LdapProvider nifi.test:389; nested exception is javax.naming.CommunicationException: nifi.test:389 [Root exception is java.net.ConnectException: Connection refused (Connection refused)]
Caused by: org.apache.nifi.authentication.exception.IdentityAccessException: Unable to validate the supplied credentials. Please contact the system administrator.
    at org.apache.nifi.ldap.LdapProvider.authenticate(LdapProvider.java:340)
    at org.apache.nifi.web.security.spring.LoginIdentityProviderFactoryBean$1.authenticate(LoginIdentityProviderFactoryBean.java:314)
    at org.apache.nifi.web.api.AccessResource.createAccessToken(AccessResource.java:728)
    ... 78 common frames omitted
Caused by: org.springframework.security.authentication.InternalAuthenticationServiceException: nifi.test:389; nested exception is javax.naming.CommunicationException: nifi.test:389 [Root exception is java.net.ConnectException: Connection refused (Connection refused)]
    at org.springframework.security.ldap.authentication.LdapAuthenticationProvider.doAuthentication(LdapAuthenticationProvider.java:206)
    at org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider.authenticate(AbstractLdapAuthenticationProvider.java:85)
    at org.apache.nifi.ldap.LdapProvider.authenticate(LdapProvider.java:310)
    ... 80 common frames omitted

nifi.properties:

# web properties #
nifi.web.war.directory=./lib
nifi.web.http.host=
nifi.web.http.port=
nifi.web.http.network.interface.default=
nifi.web.https.host=nifi.test
nifi.web.https.port=8090
nifi.web.https.network.interface.default=
nifi.web.jetty.working.directory=./work/jetty
nifi.web.jetty.threads=200
nifi.web.max.header.size=16 KB
nifi.web.proxy.context.path=
nifi.web.proxy.host=

# security properties #
nifi.sensitive.props.key=
nifi.sensitive.props.key.protected=
nifi.sensitive.props.algorithm=PBEWITHMD5AND256BITAES-CBC-OPENSSL
nifi.sensitive.props.provider=BC
nifi.sensitive.props.additional.keys=

nifi.security.keystore=./conf/keystore.jks
nifi.security.keystoreType=jks
nifi.security.keystorePasswd=vm1VrVaPN2f3xXuva03R//ZtHXoxuYc2qnZYSDpzQDQ
nifi.security.keyPasswd=vm1VrVaPN2f3xXuva03R//ZtHXoxuYc2qnZYSDpzQDQ
nifi.security.truststore=./conf/truststore.jks
nifi.security.truststoreType=jks
nifi.security.truststorePasswd=TJbO3svNAO44hkKgXII58KZV/67sL768IBE3IaisFKs
nifi.security.user.authorizer=managed-authorizer
nifi.security.user.login.identity.provider=ldap-provider
nifi.security.ocsp.responder.url=
nifi.security.ocsp.responder.certificate=

authorizers.xml:

<authorizer>
    <identifier>file-provider</identifier>
    <class>org.apache.nifi.authorization.FileAuthorizer</class>
    <property name="Authorizations File">./conf/authorizations.xml</property>
    <property name="Users File">./conf/users.xml</property>
    <property name="Initial Admin Identity">testuser</property>
    <property name="Legacy Authorized Users File"></property>
    <property name="Node Identity 1">CN=*.test,OU=Nifi</property>
</authorizer>

login-identity-providers.xml:

<provider>
        <identifier>ldap-provider</identifier>
        <class>org.apache.nifi.ldap.LdapProvider</class>
        <property name="Authentication Strategy">SIMPLE</property>

        <property name="Manager DN">CN=testuser, OU=Nifi, DC=test,DC=local</property>
        <property name="Manager Password">pass</property>
        <property name="TLS - Keystore"></property>
        <property name="TLS - Keystore Password"></property>
        <property name="TLS - Keystore Type"></property>
        <property name="TLS - Truststore"></property>
        <property name="TLS - Truststore Password"></property>
        <property name="TLS - Truststore Type"></property>
        <property name="TLS - Client Auth"></property>
        <property name="TLS - Protocol"></property>
        <property name="TLS - Shutdown Gracefully"></property>

        <property name="Referral Strategy">IGNORE</property>
        <property name="Connect Timeout">10 secs</property>
        <property name="Read Timeout">10 secs</property>

        <property name="Url">ldap://nifi.test:389</property>
        <property name="User Search Base">OU=Nifi, DC=test,DC=local</property>
        <property name="User Search Filter">sAMAccountName={0}</property>

        <property name="Identity Strategy">USE_USERNAME</property>
        <property name="Authentication Expiration">2 hours</property>
</provider>

Need your suggestions on why I am unable to get the login page in NiFi.

What needs to be done to use LDAP for user authentication in NiFi?

Is your LDAP server running on the host nifi.test on port 389? Can you connect to nifi.test:389 from another tool outside of NiFi?

@BryanBende Thanks for your reply.....
nmap -p 389 10.18.200.52
Starting Nmap 7.60 ( ) at 2019-02-08 12:19 IST
Nmap scan report for nifi.ndevarajan (10.18.200.52)
Host is up (0.000078s latency).
PORT    STATE  SERVICE
389/tcp closed ldap

Try using something like Apache Studio to connect to LDAP using the same credentials. Also, the command you showed used an IP address, but your nifi config uses the hostname nifi.test.
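
The check the comments ask for, as an added example (not code from the thread or from NiFi): it reads the `Url` and `Authentication Strategy` properties from a provider block, resolves the hostname NiFi itself would use rather than an IP address, classifies the TCP result, and reports whether the bind would travel in cleartext. `SAMPLE_PROVIDER` is a constructed excerpt of the question's configuration, and the function names are hypothetical.

```python
import socket
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample: the relevant properties from the question's provider block.
SAMPLE_PROVIDER = """<provider>
    <identifier>ldap-provider</identifier>
    <property name="Authentication Strategy">SIMPLE</property>
    <property name="Url">ldap://nifi.test:389</property>
</provider>"""

def ldap_endpoint(provider_xml):
    """Return (scheme, host, port, strategy) from a NiFi <provider> block."""
    root = ET.fromstring(provider_xml)
    props = {p.get("name"): (p.text or "").strip() for p in root.iter("property")}
    url = urlparse(props["Url"].split()[0])  # Url may list several servers
    port = url.port or (636 if url.scheme == "ldaps" else 389)
    return url.scheme, url.hostname, port, props.get("Authentication Strategy", "")

def cleartext_bind(scheme, strategy):
    """SIMPLE over ldap:// sends the manager and user passwords unencrypted."""
    return scheme == "ldap" and strategy.upper() == "SIMPLE"

def probe(host, port, timeout=3.0):
    """Classify the TCP path to host:port as seen from the NiFi host."""
    try:
        addrs = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return "dns-failure", None   # hostname does not resolve on this machine
    ip = addrs[0][4][0]
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return "open", ip        # something is listening
    except ConnectionRefusedError:
        return "refused", ip         # host up, no listener (nmap reports "closed")
    except OSError:
        return "unreachable", ip     # timeout, filtered, or no route

if __name__ == "__main__":
    scheme, host, port, strategy = ldap_endpoint(SAMPLE_PROVIDER)
    print(host, port, probe(host, port))
    print("cleartext bind:", cleartext_bind(scheme, strategy))
```

Run it on the NiFi host: a `refused` result corresponds to the `Connection refused` in the stack trace, and the returned IP shows which machine the hostname in `Url` actually points at.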