I wasn't able to find any single good way, I don't know if switching the logs down to debug or trace might give you a bit more info though . In the end I just went through a worked it out by hand using a combination of manual checking against an alternative tool (i.e. an LDAP browser), file format checkers, or just commenting things out by hand.
I did sometimes find that white space character (new line etc...) can occasionally cause a problem with the Spring loading. Edward On Fri, Jul 19, 2019 at 10:45 AM Nicolas Delsaux <nicolas.dels...@gmx.fr> wrote: > Is there any way to get a better error ? > Le 19/07/2019 à 11:36, Edward Armes a écrit : > > Hi Nicolas, > > This one is a bit of a Spring special. The actual cause here is that the > Spring Bean that is being created from this file has silently failed, and > thus the auto-wiring has failed as well. The result is you get this lovely > misleading error. The normal reason for the bean not being created I found > was because I made a typo in the configuration file(s). > > Edward > > On Fri, Jul 19, 2019 at 10:21 AM Nicolas Delsaux <nicolas.dels...@gmx.fr> > wrote: > >> Hi all >> >> Now I know how to connect to my LDAP directory, i now have a strange error >> >> >> nifi-runner_1 | >> org.springframework.beans.factory.UnsatisfiedDependencyException: Error >> creating bean with name >> 'org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration': >> Unsatisfied dependency expressed through method >> 'setFilterChainProxySecurityConfigurer' parameter 1; nested exception is >> org.springframework.beans.factory.BeanExpressionException: Expression >> parsing failed; nested exception is >> org.springframework.beans.factory.UnsatisfiedDependencyException: Error >> creating bean with name >> 'org.apache.nifi.web.NiFiWebApiSecurityConfiguration': Unsatisfied >> dependency expressed through method 'setJwtAuthenticationProvider' >> parameter 0; nested exception is >> org.springframework.beans.factory.BeanCreationException: Error creating >> bean with name 'jwtAuthenticationProvider' defined in class path resource >> [nifi-web-security-context.xml]: Cannot resolve reference to bean >> 'authorizer' while setting constructor argument; nested exception is >> org.springframework.beans.factory.BeanCreationException: Error creating >> bean with name 'authorizer': FactoryBean threw exception on object >> creation; nested exception is java.lang.Exception: The specified authorizer >> 'ldap-user-group-provider' could not be found. >> >> [... let me just skip the uninteresting Spring stack ...] >> >> nifi-runner_1 | Caused by: >> org.springframework.beans.factory.BeanCreationException: Error creating >> bean with name 'authorizer': FactoryBean threw exception on object >> creation; nested exception is java.lang.Exception: The specified authorizer >> 'ldap-user-group-provider' could not be found. >> nifi-runner_1 | at >> org.springframework.beans.factory.support.FactoryBeanRegistrySupport.doGetObjectFromFactoryBean(FactoryBeanRegistrySupport.java:185) >> nifi-runner_1 | at >> org.springframework.beans.factory.support.FactoryBeanRegistrySupport.getObjectFromFactoryBean(FactoryBeanRegistrySupport.java:103) >> nifi-runner_1 | at >> org.springframework.beans.factory.support.AbstractBeanFactory.getObjectForBeanInstance(AbstractBeanFactory.java:1640) >> nifi-runner_1 | at >> org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:323) >> nifi-runner_1 | at >> org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197) >> nifi-runner_1 | at >> org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:351) >> nifi-runner_1 | ... 96 common frames omitted >> nifi-runner_1 | Caused by: java.lang.Exception: The specified authorizer >> 'ldap-user-group-provider' could not be found. >> nifi-runner_1 | at >> org.apache.nifi.authorization.AuthorizerFactoryBean.getObject(AuthorizerFactoryBean.java:175) >> nifi-runner_1 | at >> org.springframework.beans.factory.support.FactoryBeanRegistrySupport.doGetObjectFromFactoryBean(FactoryBeanRegistrySupport.java:178) >> >> From what I understand, it seems like the AuthorizerFactoryBean tries to >> read my user-group-provider from the authorizers.xml file. >> >> >> I have such an user group provider, which is a ldap one : >> <authorizers> >> <userGroupProvider> >> <identifier>ldap-user-group-provider</identifier> >> <class>org.apache.nifi.ldap.tenants.LdapUserGroupProvider</class> >> <property name="Authentication Strategy">LDAPS</property> >> <property name="Manager DN">a_dn</property> >> <property name="Manager Password">a_password</property> >> <property name="TLS - Keystore"></property> >> <property name="TLS - Keystore Password"></property> >> <property name="TLS - Keystore Type"></property> >> <property name="TLS - Truststore">/opt/certs/cacerts.jks</property> >> <property name="TLS - Truststore Password">another</property> >> <property name="TLS - Truststore Type">JKS</property> >> <property name="TLS - Client Auth"></property> >> <property name="TLS - Protocol">TLSv1</property> >> <property name="TLS - Shutdown Gracefully"></property> >> <property name="Referral Strategy">FOLLOW</property> >> <property name="Connect Timeout">10 secs</property> >> <property name="Read Timeout">10 secs</property> >> <property name="Url">ldaps://myserver.mycompany.com:636</property> >> <property name="Page Size"></property> >> <property name="Sync Interval">30 mins</property> >> <property name="User Search Base">ou=people,o=mycompany.com</property> >> <property name="User Object Class">privPerson</property> >> <property name="User Search Scope">SUBTREE</property> >> <property name="User Search Filter"></property> >> <property name="User Identity Attribute">uid</property> >> <property name="User Group Name Attribute">This attribute doesn't exist >> to make sure no grouping is done</property> >> <property name="User Group Name Attribute - Referenced Group Attribute" >> ></property> >> <property name="Group Search Base"></property> >> <property name="Group Object Class">group</property> >> <property name="Group Search Scope">ONE_LEVEL</property> >> <property name="Group Search Filter"></property> >> <property name="Group Name Attribute"></property> >> <property name="Group Member Attribute"></property> >> <property name="Group Member Attribute - Referenced User Attribute"></ >> property> >> </userGroupProvider> >> >> So why can't it be loaded ? >> >> Because I don't see any other exception (typically, I would expect a >> search fail exception, but it seems to work). >> >