Details
-
Bug
-
Status: Open
-
Major
-
Resolution: Unresolved
-
1.5.0
-
None
-
None
-
2 node cluster
RHEL 7.3
NiFi 1.5.0
Windows AD
Description
Hi guys,
Have a problem when using LDAP Auth with LDAP Authorization in NiFi secure cluster mode.
My DN in AD looks so:
CN=Lastname Firstname Middlename, OU=..., ...
where CN consists of cyrillic chars (russian alphabet)
After successful ldap auth and applying specified mappings NiFi passes CN only (only 1st, last, middle name) to ldap authorizer. In single mode I have no problems, my CN successfully passes authorization. But in cluster mode I have such error:
Unknown user with identity 'Ð<U+0091>езÑ<U+0080>Ñ<U+0083>киÑ<U+0085> Ð<U+0093>еоÑ<U+0080>гийÐ<U+0093>еннадÑ<U+008C>евиÑ<U+0087>'. Returning Forbidden response.
See attached screenshot with error message in UI.
It seems that there is ISO-8859-1 chars but NiFi tries to implement it as UTF-8 sequence. Can't understand what is the reason of this transformation in cluster mode.
I've tried ldap auth with "Identity Strategy = USE_USERNAME" witthout any mappings and specified my sAMAccountName in file-user-group-provider as Initial User Identity. Such workaround works but I have to create other ldap users manually. So I would prefer ldap authorization.
Can you help me find solution?
You can find conf & logs in attachment.
Env:
2 node cluster
NiFi 1.5.0
RHEL 7.3
Windows AD