Hi all,

Now that I know how to connect to my LDAP directory, I now have a strange error:

nifi-runner_1 | org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration': Unsatisfied dependency expressed through method 'setFilterChainProxySecurityConfigurer' parameter 1; nested exception is org.springframework.beans.factory.BeanExpressionException: Expression parsing failed; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'org.apache.nifi.web.NiFiWebApiSecurityConfiguration': Unsatisfied dependency expressed through method 'setJwtAuthenticationProvider' parameter 0; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'jwtAuthenticationProvider' defined in class path resource [nifi-web-security-context.xml]: Cannot resolve reference to bean 'authorizer' while setting constructor argument; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'authorizer': FactoryBean threw exception on object creation; nested exception is java.lang.Exception: The specified authorizer 'ldap-user-group-provider' could not be found.
[... let me just skip the uninteresting Spring stack ...]
nifi-runner_1 | Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'authorizer': FactoryBean threw exception on object creation; nested exception is java.lang.Exception: The specified authorizer 'ldap-user-group-provider' could not be found.
nifi-runner_1 | at org.springframework.beans.factory.support.FactoryBeanRegistrySupport.doGetObjectFromFactoryBean(FactoryBeanRegistrySupport.java:185)
nifi-runner_1 | at org.springframework.beans.factory.support.FactoryBeanRegistrySupport.getObjectFromFactoryBean(FactoryBeanRegistrySupport.java:103)
nifi-runner_1 | at org.springframework.beans.factory.support.AbstractBeanFactory.getObjectForBeanInstance(AbstractBeanFactory.java:1640)
nifi-runner_1 | at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:323)
nifi-runner_1 | at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197)
nifi-runner_1 | at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:351)
nifi-runner_1 | ... 96 common frames omitted
nifi-runner_1 | Caused by: java.lang.Exception: The specified authorizer 'ldap-user-group-provider' could not be found.
nifi-runner_1 | at org.apache.nifi.authorization.AuthorizerFactoryBean.getObject(AuthorizerFactoryBean.java:175)
nifi-runner_1 | at org.springframework.beans.factory.support.FactoryBeanRegistrySupport.doGetObjectFromFactoryBean(FactoryBeanRegistrySupport.java:178)

From what I understand, it seems like the AuthorizerFactoryBean tries to read my user-group-provider from the authorizers.xml file.
I have such a user group provider, which is an LDAP one:

<authorizers>
    <userGroupProvider>
        <identifier>ldap-user-group-provider</identifier>
        <class>org.apache.nifi.ldap.tenants.LdapUserGroupProvider</class>
        <property name="Authentication Strategy">LDAPS</property>
        <property name="Manager DN">a_dn</property>
        <property name="Manager Password">a_password</property>
        <property name="TLS - Keystore"></property>
        <property name="TLS - Keystore Password"></property>
        <property name="TLS - Keystore Type"></property>
        <property name="TLS - Truststore">/opt/certs/cacerts.jks</property>
        <property name="TLS - Truststore Password">another</property>
        <property name="TLS - Truststore Type">JKS</property>
        <property name="TLS - Client Auth"></property>
        <property name="TLS - Protocol">TLSv1</property>
        <property name="TLS - Shutdown Gracefully"></property>
        <property name="Referral Strategy">FOLLOW</property>
        <property name="Connect Timeout">10 secs</property>
        <property name="Read Timeout">10 secs</property>
        <property name="Url">ldaps://myserver.mycompany.com:636</property>
        <property name="Page Size"></property>
        <property name="Sync Interval">30 mins</property>
        <property name="User Search Base">ou=people,o=mycompany.com</property>
        <property name="User Object Class">privPerson</property>
        <property name="User Search Scope">SUBTREE</property>
        <property name="User Search Filter"></property>
        <property name="User Identity Attribute">uid</property>
        <property name="User Group Name Attribute">This attribute doesn't exist to make sure no grouping is done</property>
        <property name="User Group Name Attribute - Referenced Group Attribute"></property>
        <property name="Group Search Base"></property>
        <property name="Group Object Class">group</property>
        <property name="Group Search Scope">ONE_LEVEL</property>
        <property name="Group Search Filter"></property>
        <property name="Group Name Attribute"></property>
        <property name="Group Member Attribute"></property>
        <property name="Group Member Attribute - Referenced User Attribute"></property>
    </userGroupProvider>

So why can't it be loaded? Because I don't see any other exception (typically, I would expect a search fail exception, but it seems to work).
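
Added example, not part of the original post and not NiFi's own code: the identifier in this exception is the one set as nifi.security.user.authorizer in nifi.properties, and NiFi resolves it only against <authorizer> elements of authorizers.xml, so this Python check reports which kind of element declares a given identifier. Both XML samples are constructed, and the identifiers file-access-policy-provider and managed-authorizer are assumptions.

```python
import xml.etree.ElementTree as ET

# Top-level element kinds in authorizers.xml; only <authorizer> entries can be
# named by nifi.security.user.authorizer in nifi.properties.
KINDS = ("userGroupProvider", "accessPolicyProvider", "authorizer")

# Constructed sample with the same shape as the posted file: one provider only.
PROVIDER_ONLY = """<authorizers>
  <userGroupProvider>
    <identifier>ldap-user-group-provider</identifier>
    <class>org.apache.nifi.ldap.tenants.LdapUserGroupProvider</class>
  </userGroupProvider>
</authorizers>"""

# Constructed sample with the full chain; the two new identifiers are assumptions.
FULL_CHAIN = PROVIDER_ONLY.replace("</authorizers>", """  <accessPolicyProvider>
    <identifier>file-access-policy-provider</identifier>
    <class>org.apache.nifi.authorization.FileAccessPolicyProvider</class>
    <property name="User Group Provider">ldap-user-group-provider</property>
  </accessPolicyProvider>
  <authorizer>
    <identifier>managed-authorizer</identifier>
    <class>org.apache.nifi.authorization.StandardManagedAuthorizer</class>
    <property name="Access Policy Provider">file-access-policy-provider</property>
  </authorizer>
</authorizers>""")

def index_identifiers(authorizers_xml):
    """Map every declared <identifier> to the kind of element that declares it."""
    root = ET.fromstring(authorizers_xml)
    return {el.findtext("identifier", "").strip(): kind
            for kind in KINDS for el in root.findall(kind)}

def diagnose(authorizers_xml, configured_id):
    """Say whether configured_id is usable as nifi.security.user.authorizer."""
    kind = index_identifiers(authorizers_xml).get(configured_id)
    if kind == "authorizer":
        return "ok"
    if kind is None:
        return "missing: no element declares this identifier"
    return f"wrong-kind: declared as <{kind}>, not as <authorizer>"

if __name__ == "__main__":
    for xml_text, ident in ((PROVIDER_ONLY, "ldap-user-group-provider"),
                            (FULL_CHAIN, "managed-authorizer")):
        print(ident, "->", diagnose(xml_text, ident))
```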