nifi-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mike Thomsen <mikerthom...@gmail.com>
Subject Re: Buttons are greyed out when initial admin account logs in
Date Thu, 07 Dec 2017 14:50:45 GMT
Pierre,

Something that bit me this morning using ApacheDS to try this out: I didn't
realize that the "group" object class specified in the official guide
doesn't work with ApacheDS. I had to change it to groupOfUniqueNames. My
LDAP experience is next to nil, so maybe it's a misunderstanding on my end,
but it didn't work for me until I made that change (and I couldn't add
objectClass: group either).

On Mon, Dec 4, 2017 at 4:30 AM, Pierre Villard <pierre.villard.fr@gmail.com>
wrote:

> Hey guys,
>
> I'll try to write a new blog with all the new features coming with NiFi
> 1.4.0.
> All the new stuff to have LDAP sync is really nice.
>
> Pierre
>
> 2017-12-03 19:12 GMT+01:00 Kevin Doran <kdoran.apache@gmail.com>:
>
>> Hi Mike,
>>
>> You also have to enable the LdapUserGroupProvider in authorizes xml by
>> uncommenting it, configuring the properties, and changing the
>> FileAccessPolicyProvider (also in authorizers.xml) to use the
>> ldap-user-group-provider instead of the default file-user-group-provider.
>>
>> Then delete users.xml and authorizations.xml and restart.
>>
>> This will disable any certificate-based identities you have configured,
>> so you will need to choose an ldap-based user to be your initial admin. Or
>> configure a CompositeUserGroupProvider so that you can use certificates and
>> only require ldap login in absence of a client certificate.
>>
>> -Kevin
>>
>> ------------------------------
>> *From:* Mike Thomsen <mikerthomsen@gmail.com>
>> *Sent:* Sunday, December 3, 2017 9:45:18 AM
>>
>> *To:* users@nifi.apache.org
>> *Subject:* Re: Buttons are greyed out when initial admin account logs in
>>
>> I added the ldap-provider to the identity provider line in
>> nifi.properties, but I don't see any users from LDAP. I tried deleting
>> users.xml and authorizations.xml and restarting, but the user listing
>> doesn't show any of the users from LDAP. Any ideas on how to troubleshoot?
>>
>> Thanks,
>>
>> Mike
>>
>> On Fri, Dec 1, 2017 at 7:05 PM, Kevin Doran <kdoran.apache@gmail.com>
>> wrote:
>>
>>> Mike,
>>>
>>>
>>>
>>> I should also mention that since the time of Pierre's inital blog post
>>> on LDAP integration, support for user & group syncing with LDAP has been
>>> added to NiFi. See the instructions for the "LdapUserGroupProvider" in
>>> Authorizers.xml section of the the Admin Guide [1].
>>>
>>>
>>>
>>> You will still need to set per-group or per-user policies as the initial
>>> admin, but you do not need to manually add users and groups in order to set
>>> policies. Also, your initial admin can use an identity from LDAP rather
>>> than a certificate (if that is preferred, otherwise, you can still use
>>> certificates alongside LDAP by using a CompositeUserGroupProvider as
>>> described in the Admin Guide).
>>>
>>>
>>>
>>> [1] https://nifi.apache.org/docs/nifi-docs/html/administration-g
>>> uide.html#authorizers-setup
>>>
>>>
>>>
>>> -Kevin
>>>
>>>
>>>
>>> *From: *Kevin Doran <kdoran.apache@gmail.com>
>>> *Date: *Friday, December 1, 2017 at 18:43
>>> *To: *<users@nifi.apache.org>
>>> *Subject: *Re: Buttons are greyed out when initial admin account logs in
>>>
>>>
>>>
>>> Hi Mike,
>>>
>>>
>>>
>>> Your authorizers.xml and nifi.properties look correct to me to establish
>>> the certificate "CN=admin, OU=NIFI" as an admin user.
>>>
>>>
>>>
>>> Here's one idea that you may have already thought of... the initial
>>> admin is only granted admin policies if users/policies are empty on
>>> startup. Try deleting conf/users.xml and conf/authorizations.xml and
>>> restarting NiFi.
>>>
>>>
>>>
>>> Hope this helps! If you have any other questions about configuring LDAP
>>> or authorizers, let me know.
>>>
>>>
>>>
>>> Kevin
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> *From: *Mike Thomsen <mikerthomsen@gmail.com>
>>> *Reply-To: *<users@nifi.apache.org>
>>> *Date: *Friday, December 1, 2017 at 18:27
>>> *To: *<users@nifi.apache.org>
>>> *Subject: *Buttons are greyed out when initial admin account logs in
>>>
>>>
>>>
>>> I'm following Pierre's blog post that shows how to set up LDAP w/
>>> ApacheDS:
>>>
>>> https://pierrevillard.com/2017/01/24/integration-of-nifi-with-ldap
>>>
>>> I've tried this with 1.4.0 and 1.5.0-SNAPSHOT (toolkits built for each
>>> too) for what it's worth.
>>>
>>> Built the certs with this command:
>>>
>>> bin/tls-toolkit.sh standalone -n localhost -C "CN=admin,OU=NIFI" -O -o
>>> ../security_output
>>>
>>> Copied security_output/localhost/* to $NIFI_ROOT/conf
>>>
>>> With or without the identity provider set to use the LDAP configuration,
>>> it's greyed out.
>>>
>>>
>>>
>>> Any ideas on what I'm doing wrong?
>>>
>>>
>>>
>>> Thanks,
>>>
>>>
>>>
>>> Mike
>>>
>>
>>
>

Mime
View raw message