[jira] [Commented] (NIFI-6860) Upgrade NiFi 1.9.2 to 1.10.0 - Java11 LDAP (START_TLS) Issue

Tue, 12 Nov 2019 08:44:02 -0800 


    [ 
https://issues.apache.org/jira/browse/NIFI-6860?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16972607#comment-16972607
 ] 

Josef Zahner commented on NIFI-6860:
------------------------------------

More News, we upgraded in parallel to NiFi 1.10.0 from java 1.8.0 to java 11. 
In our case java 11 breaks the LDAP START_TLS feature, if I switch back to java 
1.8.0 the error message is gone and NiFi 1.10.0 starts with the same config.

As workaround we will now switch back to java 1.8.0. But we are glad that we 
can still use the START_TLS feature (as it is the successor of LDAPS).

> Upgrade NiFi 1.9.2 to 1.10.0 - Java11 LDAP (START_TLS) Issue
> ------------------------------------------------------------
>
>                 Key: NIFI-6860
>                 URL: https://issues.apache.org/jira/browse/NIFI-6860
>             Project: Apache NiFi
>          Issue Type: Bug
>    Affects Versions: 1.10.0
>         Environment: NiFi Single Node with HTTPS/LDAP enabled; CentOS 7.x
>            Reporter: Josef Zahner
>            Priority: Blocker
>              Labels: Java11, LDAP, Nifi, START-TLS
>         Attachments: Screenshot 2019-11-11 at 11.14.52.png
>
>
> We would like to upgrade from NiFi 1.9.2 to 1.10.0 and we have HTTPS with 
> LDAP (START_TLS) authentication successfully enabled on 1.9.2. Now after 
> upgrading,  we have an issue which prevents nifi from startup:
> {code:java}
> 2019-11-11 08:29:30,447 ERROR [main] o.s.web.context.ContextLoader Context 
> initialization failed
> org.springframework.beans.factory.UnsatisfiedDependencyException: Error 
> creating bean with name 
> 'org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration':
>  Unsatisfied dependency expressed through method 
> 'setFilterChainProxySecurityConfigurer' parameter 1; nested exception is 
> org.springframework.beans.factory.BeanExpressionException: Expression parsing 
> failed; nested exception is 
> org.springframework.beans.factory.UnsatisfiedDependencyException: Error 
> creating bean with name 
> 'org.apache.nifi.web.NiFiWebApiSecurityConfiguration': Unsatisfied dependency 
> expressed through method 'setJwtAuthenticationProvider' parameter 0; nested 
> exception is org.springframework.beans.factory.BeanCreationException: Error 
> creating bean with name 'jwtAuthenticationProvider' defined in class path 
> resource [nifi-web-security-context.xml]: Cannot resolve reference to bean 
> 'authorizer' while setting constructor argument; nested exception is 
> org.springframework.beans.factory.BeanCreationException: Error creating bean 
> with name 'authorizer': FactoryBean threw exception on object creation; 
> nested exception is 
> org.springframework.ldap.AuthenticationNotSupportedException: [LDAP: error 
> code 13 - confidentiality required]; nested exception is 
> javax.naming.AuthenticationNotSupportedException: [LDAP: error code 13 - 
> confidentiality required]
>         at 
> org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredMethodElement.inject(AutowiredAnnotationBeanPostProcessor.java:666)
>         at 
> org.springframework.beans.factory.annotation.InjectionMetadata.inject(InjectionMetadata.java:87)
>         at 
> org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor.postProcessPropertyValues(AutowiredAnnotationBeanPostProcessor.java:366)
>         at 
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1269)
>         at 
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:551)
>         at 
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:481)
>         at 
> org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:312)
>         at 
> org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
>         at 
> org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:308)
>         at 
> org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197)
>         at 
> org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:761)
>         at 
> org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:867)
>         at 
> org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:543)
>         at 
> org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:443)
>         at 
> org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:325)
>         at 
> org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:107){code}
> In authorizers.xml we added the line “{{<property name="Group Membership - 
> Enforce Case Sensitivity">false</property>}}”, but beside of that at least 
> the authorizers.xml is the same. Anybody an idea what could cause the error? 
> NiFi-5839 seems to be related to the property above. Other than that I found 
> no change regarding LDAP authentication...
>  https://issues.apache.org/jira/browse/NIFI-5839
> Any help would be appreciated



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to