Error when starting NIFI after LDAP configuration

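Problem description

I have successfully configured NIFI to use HTTPS. After that, I tried to configure LDAP authentication. I have modified the following files, and at startup I am facing the exception given below. Please help.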

nifi.properties

nifi.security.user.login.identity.provider=ldap-provider

login-identity-providers.xml

<loginIdentityProvider>
    <provider>
        <identifier>ldap-provider</identifier>
        <class>org.apache.nifi.ldap.LdapProvider</class>
        <property name="Authentication Strategy">SIMPLE</property>
        <property name="Manager DN">cn=username,ou=xxx,ou=xxx,ou=Applications,dc=xxxxxx,dc=net</property>
        <property name="Manager Password">password</property>
        <property name="Referral Strategy">FOLLOW</property>
        <property name="Connect Timeout">10 secs</property>
        <property name="Read Timeout">10 secs</property>
        <property name="Url">ldap://hostname.net:636</property>
        <property name="User Search Base">dc=xxxxxx,dc=net</property>
        <property name="User Search Filter">(&(objectclass=inetOrgPerson)(groupMembership=cn=group,ou=xxx,ou=xxx,ou=groups,dc=xxxxxxx,dc=net))</property>
        <property name="Identity Strategy">USE_USERNAME</property>
        <property name="Authentication Expiration">12 hours</property>
    </provider>

Error:

Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'loginIdentityProvider': FactoryBean threw exception on object creation; nested exception is java.lang.Exception: Unable to load the login identity provider configuration file at: /local/apache/nifi-1.11.4/./conf/login-identity-providers.xml
        at org.springframework.beans.factory.support.FactoryBeanRegistrySupport.doGetObjectFromFactoryBean(FactoryBeanRegistrySupport.java:185)
        at org.springframework.beans.factory.support.FactoryBeanRegistrySupport.getObjectFromFactoryBean(FactoryBeanRegistrySupport.java:103)
        at org.springframework.beans.factory.support.AbstractBeanFactory.getObjectForBeanInstance(AbstractBeanFactory.java:1640)
        at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:254)
        at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:202)
        at org.springframework.context.support.AbstractApplicationContext.getBean(AbstractApplicationContext.java:1086)
        at org.apache.nifi.web.contextlistener.ApplicationStartupContextListener.contextInitialized(ApplicationStartupContextListener.java:93)
        ... 37 common frames omitted
Caused by: java.lang.Exception: Unable to load the login identity provider configuration file at: /local/apache/nifi-1.11.4/./conf/login-identity-providers.xml
        at org.apache.nifi.web.security.spring.LoginIdentityProviderFactoryBean.loadLoginIdentityProvidersConfiguration(LoginIdentityProviderFactoryBean.java:151)
        at org.apache.nifi.web.security.spring.LoginIdentityProviderFactoryBean.getObject(LoginIdentityProviderFactoryBean.java:108)
        at org.springframework.beans.factory.support.FactoryBeanRegistrySupport.doGetObjectFromFactoryBean(FactoryBeanRegistrySupport.java:178)
        ... 43 common frames omitted

Tags: ldap, apache-nifi

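Solution

The problem is probably the User Search Filter you provided. I suggest trying a simple filter that contains no special characters to narrow down the issue, and then trying to escape those characters if that turns out to be the case.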

Update in response to additional information, 2020-06-11

The complete login-identity-providers.xml file should look like this:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<loginIdentityProviders>
    <provider>
        <identifier>ldap-provider</identifier>
        <class>org.apache.nifi.ldap.LdapProvider</class>
        <property name="Authentication Strategy">START_TLS</property>

        <property name="Manager DN"></property>
        <property name="Manager Password"></property>

        <property name="TLS - Keystore"></property>
        <property name="TLS - Keystore Password"></property>
        <property name="TLS - Keystore Type"></property>
        <property name="TLS - Truststore"></property>
        <property name="TLS - Truststore Password"></property>
        <property name="TLS - Truststore Type"></property>
        <property name="TLS - Client Auth"></property>
        <property name="TLS - Protocol"></property>
        <property name="TLS - Shutdown Gracefully"></property>

        <property name="Referral Strategy">FOLLOW</property>
        <property name="Connect Timeout">10 secs</property>
        <property name="Read Timeout">10 secs</property>

        <property name="Url"></property>
        <property name="User Search Base"></property>
        <property name="User Search Filter"></property>

        <property name="Authentication Expiration">12 hours</property>
    </provider>
</loginIdentityProviders>
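
A pre-start check for the failure discussed above, as an added example that is not part of the original question or answer: it parses the file content as XML, reports the line where parsing stops (a raw `&` in a filter must be written as `&amp;`), and confirms that the identifier set in nifi.properties exists in the file. The function name, the sample strings and the extra warning about a SIMPLE bind over `ldap://` are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample (not from the page): a filter with a raw '&', as in the question.
BROKEN = """<loginIdentityProviders>
  <provider>
    <identifier>ldap-provider</identifier>
    <property name="Authentication Strategy">START_TLS</property>
    <property name="Url">ldap://ldap.example.net:389</property>
    <property name="User Search Filter">(&(objectclass=inetOrgPerson)(cn={0}))</property>
  </provider>
</loginIdentityProviders>"""
# Same file with the ampersand written as the XML entity.
FIXED = BROKEN.replace("(&(", "(&amp;(")


def check_login_providers(xml_text, configured_id):
    """Return a list of problems; configured_id is the value of
    nifi.security.user.login.identity.provider in nifi.properties."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        line, col = exc.position  # line is 1-based, column is 0-based
        src = xml_text.splitlines()
        bad = src[line - 1] if 0 < line <= len(src) else ""
        hint = ""
        if "&" in bad.replace("&amp;", ""):
            hint = "; write a literal '&' in a property value as '&amp;'"
        return [f"not well-formed XML at line {line}, column {col + 1}{hint}"]

    problems = []
    if root.tag != "loginIdentityProviders":
        problems.append(f"unexpected root element <{root.tag}>")
    providers = list(root.iter("provider"))
    if configured_id not in [p.findtext("identifier", "").strip() for p in providers]:
        problems.append(f"no <provider> with identifier '{configured_id}'")
    for p in providers:
        props = {e.get("name"): (e.text or "").strip() for e in p.findall("property")}
        if props.get("Authentication Strategy") == "SIMPLE" and \
                props.get("Url", "").lower().startswith("ldap://"):
            problems.append("SIMPLE bind over ldap:// sends the Manager Password unencrypted")
    return problems


if __name__ == "__main__":
    for name, text in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, check_login_providers(text, "ldap-provider"))
```

Running it against the real file means passing the file's text and the identifier from nifi.properties; an empty list means none of these checks fired.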
