McMahon
Sent: Wednesday, May 30, 2018 1:41 PM
To: users@nifi.apache.org
Subject: Re: User, Group in LDAP appear to be unknown to PutFile
Yes sir - we are indeed able to create files with that group. By chance, are
you using /etc/nsswitch.conf? Do your entries for passwd, shadow, and group
look
>
>
> Thanks
>
> Shawn
>
>
>
> *From:* James McMahon
> *Sent:* Wednesday, May 30, 2018 8:21 AM
> *To:* users@nifi.apache.org
> *Subject:* Re: User, Group in LDAP appear to be unknown to PutFile
>
>
>
> I did indeed configure PutFile as follows:
>
> Permiss
LDAP appear to be unknown to PutFile
I did indeed configure PutFile as follows:
Permissions . 775
Owner . nifi
Group . ext_dev
When nifi is in local /etc/passwd and ext_dev is in local /etc/group, the
PutFile succeeds.
When neither exists in the local files, I get the Warning in both case
I did indeed configure PutFile as follows:
Permissions . 775
Owner . nifi
Group . ext_dev
When nifi is in local /etc/passwd and ext_dev is in local /etc/group, the
PutFile succeeds.
When neither exists in the local files, I get the Warning in both case and
the file is output with nifi
Shot in the dark, if you have a user named nifi in the LDAP and one in the
OS it might not actually be treated as the same unless the OS is using LDAP
to provide the user listing. Something as simple as /etc/users having a
password for "nifi" and the LDAP not having it or it being a different hash
By default, PutFile will set the ownership of the file to the user running
the NiFi instance (nifi if NiFi is running as nifi user). Then, if you
configured a different ownership in the processor configuration it'll try
to set the ownership using the username you configured in the processor.
What d
Yes sir, sure does. In this instance my user nifi does indeed resolve at
the OS level - I think that gives us some confidence it does resolve. The
lookupPrincipalByName(owner) within the PutFile is where I believe the
failure is rooted, but I do not understand how that function executes its
lookup.
I think we're saying the same :) Let me rephrase it differently: to set the
owner of a file, the user needs to be resolved at OS level. If the user
does not exist (from the OS point of view), NiFi won't be able to set the
owner (even though the username is in the LDAP configured for NiFi
authentica
I don't understand this:
"Until you *can't* resolve the user with OS commands, I don't think NiFi
will be able to set the expected owner on the file"
Did you intend to say can there - don't we want to be able to resolve the
user at the OS as an initial validation that we can get to the ldap and as
It depends how your OS is configured, you could leverage tools like SSSD to
resolve users against your LDAP but that's something to be configured at OS
level.
Until you can't resolve the user with OS commands, I don't think NiFi will
be able to set the expected owner on the file.
2018-05-30 11:54
Hello Pierre, and thank you. The user in this case - nifi - is not in the
local /etc/passwd and is in the ldap. I presume this will force the id
to resolve using the ldap, if it does resolve? At the OS the id
command returns the uid, the gid, and the groups to which user nifi has
membership withi
My apologies. It is sometimes difficult to decide if the root cause of a
challenge is related to code or related to a user level configuration
issue. In this case I had included the developer group because it seemed it
might relate to the PutFile after I had eliminated the possible
configuration om
Hi Jim,
LDAP for authentication and authorizations in NiFi has nothing to do with
the processors.
How processors are running/working is completely independent to the
authN/authZ model you configure for NiFi.
Regarding your error, I'd say that you get this error because user/group
you're setting i
jim
please only post to one list.
users is good for this.
thanks
joe
On Tue, May 29, 2018, 3:54 PM James McMahon wrote:
> Good evening. I have recently migrated my nifi service host server from
> local resolution of users and groups to use an LDAP server. I configured
> login-identity-provider
Good evening. I have recently migrated my nifi service host server from
local resolution of users and groups to use an LDAP server. I configured
login-identity-providers.xml and
nifi.security.user.login.identity.provider. I verified my configuration is
known to NiFi by first restarting my nifi serv
15 matches
Mail list logo
