[ https://issues.apache.org/jira/browse/NIFI-6860?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16983741#comment-16983741 ]
Nathan Gough commented on NIFI-6860: ------------------------------------ Hi Josef, I was able to get Java 11 + NiFi authenticating users with an OpenLDAP server using STARTTLS. I'm using a Java 8 build of NiFi but running on Java 11. {code:java} $ java -version openjdk version "11.0.5" 2019-10-15 OpenJDK Runtime Environment AdoptOpenJDK (build 11.0.5+10-201908101809) OpenJDK 64-Bit Server VM AdoptOpenJDK (build 11.0.5+10-201908101809, mixed mode) {code} I configured NiFi to use 1 way TLS and can see a successful key exchange and then encrypted application data traffic in Wireshark when I authenticate. Are you able to provide any more details of how to replicate your issue? Are you using 2 way authentication (a keystore on the NiFi side)? > Upgrade NiFi 1.9.2 to 1.10.0 - Java11 LDAP (START_TLS) Issue > ------------------------------------------------------------ > > Key: NIFI-6860 > URL: https://issues.apache.org/jira/browse/NIFI-6860 > Project: Apache NiFi > Issue Type: Bug > Affects Versions: 1.10.0 > Environment: NiFi Single Node with HTTPS/LDAP enabled; CentOS 7.x > Reporter: Josef Zahner > Assignee: Nathan Gough > Priority: Blocker > Labels: Java11, LDAP, Nifi, START-TLS > Attachments: Screenshot 2019-11-11 at 11.14.52.png > > > We would like to upgrade from NiFi 1.9.2 to 1.10.0 and we have HTTPS with > LDAP (START_TLS) authentication successfully enabled on 1.9.2. Now after > upgrading, we have an issue which prevents nifi from startup: > {code:java} > 2019-11-11 08:29:30,447 ERROR [main] o.s.web.context.ContextLoader Context > initialization failed > org.springframework.beans.factory.UnsatisfiedDependencyException: Error > creating bean with name > 'org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration': > Unsatisfied dependency expressed through method > 'setFilterChainProxySecurityConfigurer' parameter 1; nested exception is > org.springframework.beans.factory.BeanExpressionException: Expression parsing > failed; nested exception is > org.springframework.beans.factory.UnsatisfiedDependencyException: Error > creating bean with name > 'org.apache.nifi.web.NiFiWebApiSecurityConfiguration': Unsatisfied dependency > expressed through method 'setJwtAuthenticationProvider' parameter 0; nested > exception is org.springframework.beans.factory.BeanCreationException: Error > creating bean with name 'jwtAuthenticationProvider' defined in class path > resource [nifi-web-security-context.xml]: Cannot resolve reference to bean > 'authorizer' while setting constructor argument; nested exception is > org.springframework.beans.factory.BeanCreationException: Error creating bean > with name 'authorizer': FactoryBean threw exception on object creation; > nested exception is > org.springframework.ldap.AuthenticationNotSupportedException: [LDAP: error > code 13 - confidentiality required]; nested exception is > javax.naming.AuthenticationNotSupportedException: [LDAP: error code 13 - > confidentiality required] > at > org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredMethodElement.inject(AutowiredAnnotationBeanPostProcessor.java:666) > at > org.springframework.beans.factory.annotation.InjectionMetadata.inject(InjectionMetadata.java:87) > at > org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor.postProcessPropertyValues(AutowiredAnnotationBeanPostProcessor.java:366) > at > org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1269) > at > org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:551) > at > org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:481) > at > org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:312) > at > org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230) > at > org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:308) > at > org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197) > at > org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:761) > at > org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:867) > at > org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:543) > at > org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:443) > at > org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:325) > at > org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:107){code} > In authorizers.xml we added the line “{{<property name="Group Membership - > Enforce Case Sensitivity">false</property>}}”, but beside of that at least > the authorizers.xml is the same. Anybody an idea what could cause the error? > NiFi-5839 seems to be related to the property above. Other than that I found > no change regarding LDAP authentication... > https://issues.apache.org/jira/browse/NIFI-5839 > Any help would be appreciated -- This message was sent by Atlassian Jira (v8.3.4#803005)