LDAP authentication problem, unable to log in to the NiFi UI

Time: 2019-02-07 10:21:19

Tags: ldap apache-nifi

nifi-app.log

2019-02-07 15:24:40,475 ERROR [NiFi Web Server-22] org.apache.nifi.ldap.LdapProvider nifi.test:389; nested exception is javax.naming.CommunicationException: nifi.test:389 [Root exception is java.net.ConnectException: Connection refused (Connection refused)]

nifi-user.log

Caused by: org.apache.nifi.authentication.exception.IdentityAccessException: Unable to validate the supplied credentials. Please contact the system administrator.
    at org.apache.nifi.ldap.LdapProvider.authenticate(LdapProvider.java:340)
    at org.apache.nifi.web.security.spring.LoginIdentityProviderFactoryBean$1.authenticate(LoginIdentityProviderFactoryBean.java:314)
    at org.apache.nifi.web.api.AccessResource.createAccessToken(AccessResource.java:728)
    ... 78 common frames omitted
Caused by: org.springframework.security.authentication.InternalAuthenticationServiceException: nifi.test:389; nested exception is javax.naming.CommunicationException: nifi.test:389 [Root exception is java.net.ConnectException: Connection refused (Connection refused)]
    at org.springframework.security.ldap.authentication.LdapAuthenticationProvider.doAuthentication(LdapAuthenticationProvider.java:206)
    at org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider.authenticate(AbstractLdapAuthenticationProvider.java:85)
    at org.apache.nifi.ldap.LdapProvider.authenticate(LdapProvider.java:310)
    ... 80 common frames omitted

nifi.properties

# web properties #
nifi.web.war.directory=./lib
nifi.web.http.host=
nifi.web.http.port=
nifi.web.http.network.interface.default=
nifi.web.https.host=nifi.test
nifi.web.https.port=8090
nifi.web.https.network.interface.default=
nifi.web.jetty.working.directory=./work/jetty
nifi.web.jetty.threads=200
nifi.web.max.header.size=16 KB
nifi.web.proxy.context.path=
nifi.web.proxy.host=

# security properties #
nifi.sensitive.props.key=
nifi.sensitive.props.key.protected=
nifi.sensitive.props.algorithm=PBEWITHMD5AND256BITAES-CBC-OPENSSL
nifi.sensitive.props.provider=BC
nifi.sensitive.props.additional.keys=

nifi.security.keystore=./conf/keystore.jks
nifi.security.keystoreType=jks
nifi.security.keystorePasswd=vm1VrVaPN2f3xXuva03R//ZtHXoxuYc2qnZYSDpzQDQ
nifi.security.keyPasswd=vm1VrVaPN2f3xXuva03R//ZtHXoxuYc2qnZYSDpzQDQ
nifi.security.truststore=./conf/truststore.jks
nifi.security.truststoreType=jks
nifi.security.truststorePasswd=TJbO3svNAO44hkKgXII58KZV/67sL768IBE3IaisFKs
nifi.security.user.authorizer=managed-authorizer
nifi.security.user.login.identity.provider=ldap-provider
nifi.security.ocsp.responder.url=
nifi.security.ocsp.responder.certificate=

authorizers.xml:

<authorizer>
        <identifier>file-provider</identifier>
        <class>org.apache.nifi.authorization.FileAuthorizer</class>
        <property name="Authorizations File">./conf/authorizations.xml</property>
        <property name="Users File">./conf/users.xml</property>
        <property name="Initial Admin Identity">testuser</property>
        <property name="Legacy Authorized Users File"></property>

        <property name="Node Identity 1">CN=*.test,OU=Nifi</property>
</authorizer>

login-identity-providers.xml:

<provider>
        <identifier>ldap-provider</identifier>
        <class>org.apache.nifi.ldap.LdapProvider</class>
        <property name="Authentication Strategy">SIMPLE</property>

        <property name="Manager DN">CN=testuser, OU=Nifi, DC=test,DC=local</property>
        <property name="Manager Password">pass</property>
        <property name="TLS - Keystore"></property>
        <property name="TLS - Keystore Password"></property>
        <property name="TLS - Keystore Type"></property>
        <property name="TLS - Truststore"></property>
        <property name="TLS - Truststore Password"></property>
        <property name="TLS - Truststore Type"></property>
        <property name="TLS - Client Auth"></property>
        <property name="TLS - Protocol"></property>
        <property name="TLS - Shutdown Gracefully"></property>

        <property name="Referral Strategy">IGNORE</property>
        <property name="Connect Timeout">10 secs</property>
        <property name="Read Timeout">10 secs</property>

        <property name="Url">ldap://nifi.test:389</property>
        <property name="User Search Base">OU=Nifi, DC=test,DC=local</property>
        <property name="User Search Filter">sAMAccountName={0}</property>

        <property name="Identity Strategy">USE_USERNAME</property>
        <property name="Authentication Expiration">2 hours</property>
</provider>

I need your advice: why can't I get the login page in NiFi?

What needs to be done to authenticate users with LDAP in NiFi?

0 answers:

No answers