Details
- Type: Improvement
- Status: Open
- Priority: Major
- Resolution: Unresolved
- Affects Version/s: 1.23.0
- Fix Version/s: None
- Component/s: None
- Environment: Linux CentOS 7
Description
When NiFi is started and authorizers.xml is configured with ldap-user-group-provider:

```xml
<userGroupProvider>
    <identifier>ldap-user-group-provider</identifier>
    <class>org.apache.nifi.ldap.tenants.LdapUserGroupProvider</class>
    <property name="Authentication Strategy">SIMPLE</property>
    <!-- remaining provider properties omitted here -->
</userGroupProvider>
```
If the LDAP Manager DN fails to bind for any reason, i.e. a change of password or a change of the DN location of the bind user.
Properties:

```xml
<property name="Manager DN">CN=svcNifi,CN=Users,DC=lab,DC=ad,DC=local</property>
<property name="Manager Password">badpassword</property>
```
--------------
NiFi nodes will shut down on service restart.
This needs to be configurable, as there is still the admin certificate available to allow access to NiFi in an emergency.
There are many reasons why the LDAP bind user may fail in a production environment where separate teams are responsible for AD security and administration of NiFi.
Someone unknowingly changing the LDAP service account for NiFi should not result in a total NiFi outage if all nodes are restarted.
This happened to us this week where a security team reset the service account password without understanding the consequences.
NiFi had been up for 299 days prior. A planned outage was performed to update SSL certificates on all nodes. When the cluster was restarted, it immediately resulted in NiFi shutting down on startup, resulting in a 2.5 hour outage while we tracked down the issue.
I believe this should be fixed ASAP; if there isn't already a flag to control this behaviour on startup, one should be added. It's not easy to fault-find and can cause a small planned outage to escalate into something much larger.
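Added example, not code from the ticket or the NiFi project: a stdlib-only Python preflight that reads the provider's Manager DN, Manager Password and Url from authorizers.xml and performs an LDAPv3 simple bind with them, so a reset service-account password is caught before a planned restart instead of after every node has shut down. The Url value, the host name dc01.lab.ad.local and all function names are assumptions; the BER encoder and decoder are my own and cover only what a bind exchange needs.

```python
"""NiFi restart preflight: confirm the Manager DN in authorizers.xml still binds (added example, not NiFi code)."""
import socket, ssl
import xml.etree.ElementTree as ET
# Constructed sample mirroring the ticket's provider; the Url value is an assumption.
SAMPLE_AUTHORIZERS_XML = """<userGroupProvider>
  <identifier>ldap-user-group-provider</identifier>
  <property name="Manager DN">CN=svcNifi,CN=Users,DC=lab,DC=ad,DC=local</property>
  <property name="Manager Password">badpassword</property>
  <property name="Url">ldap://dc01.lab.ad.local:389</property>
</userGroupProvider>"""

def ldap_bind_settings(xml_text, identifier="ldap-user-group-provider"):
    """Return (url, manager_dn, manager_password) of the named userGroupProvider."""
    for ugp in ET.fromstring(xml_text).iter("userGroupProvider"):
        if ugp.findtext("identifier") == identifier:
            props = {p.get("name"): p.text or "" for p in ugp.findall("property")}
            return props["Url"], props["Manager DN"], props["Manager Password"]
    raise KeyError(identifier)
def _ber(tag, payload):  # BER TLV, definite length (short form, or long form up to 65535)
    n = len(payload)
    length = bytes([n]) if n < 128 else bytes([0x81, n]) if n < 256 else bytes([0x82, n >> 8, n & 0xFF])
    return bytes([tag]) + length + payload
def _tlv(buf, pos=0):  # decode one TLV at pos -> (tag, value, position after it)
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:  # long form: low 7 bits give the number of length octets
        k, pos = n & 0x7F, pos + (n & 0x7F)
        n = int.from_bytes(buf[pos - k:pos], "big")
    return tag, buf[pos:pos + n], pos + n
def simple_bind_request(dn, password, msg_id=1):
    """LDAPv3 simple BindRequest (RFC 4511 section 4.2) inside an LDAPMessage."""
    bind = _ber(0x60, _ber(0x02, b"\x03") + _ber(0x04, dn.encode()) + _ber(0x80, password.encode()))
    return _ber(0x30, _ber(0x02, bytes([msg_id])) + bind)
def bind_result_code(message):
    """resultCode of a BindResponse: 0 = success, 49 = invalidCredentials."""
    _, body, _ = _tlv(message)          # LDAPMessage SEQUENCE
    _, _, pos = _tlv(body)              # skip messageID
    tag, resp, _ = _tlv(body, pos)      # [APPLICATION 1] BindResponse
    if tag != 0x61: raise ValueError("not a BindResponse (tag 0x%02x)" % tag)
    return int.from_bytes(_tlv(resp)[1], "big")  # first element is the ENUMERATED resultCode
def check_manager_bind(url, dn, password, timeout=5):
    """Connect as the Url property says (ldap:// or ldaps://) and return the bind resultCode."""
    scheme, rest = url.split("://", 1)
    host, _, port = rest.partition(":")
    sock = socket.create_connection((host, int(port or (636 if scheme == "ldaps" else 389))), timeout)
    if scheme == "ldaps":
        sock = ssl.create_default_context().wrap_socket(sock, server_hostname=host)
    with sock:  # a BindResponse is small, so one recv suffices
        sock.sendall(simple_bind_request(dn, password))
        return bind_result_code(sock.recv(4096))
```

Run `check_manager_bind(*ldap_bind_settings(open("/path/to/authorizers.xml").read()))` right before stopping the nodes: 0 means the bind works, 49 (invalidCredentials) means the password was reset, and anything else is worth investigating before the restart proceeds.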