Date: Mon, 16 May 2016 18:30:11 -0400
Subject: Re: Trouble with the LDAP Authentication Provider
From: Ricky Saltzer
To: dev@nifi.apache.org

Ah I believe I've figured it out. It appears I was getting confused by the
difference between authority-providers and the login-identity-providers as
they have identical stanzas. The solution was to add the provider to the
login-identity-providers.xml.

Thanks so much for your sample configs, Andy!

On Sun, May 15, 2016 at 7:43 PM, Andy LoPresto wrote:

> Hi Ricky,
>
> I checked out nifi-0.6.1 and built on my system, then deployed with a
> Kerberos configuration and a KDC running in Vagrant and everything worked
> fine. Was able to run kinit on the command line of the client machine, and
> then opening Safari established a session using my Kerberos principal
> immediately. I looked at your app log, and it appears it might be a file
> permission/existence issue. I admit the error could be more helpful — it’s
> unclear as to whether it’s an IO problem or an XML problem or a Spring
> problem. Can you please verify that the authority-providers.xml file exists
> in the correct location, has the correct access permissions, and is
> well-formed XML? I’ve published my nifi.properties [1],
> authority-providers.xml [2], authorized-users.xml [3], and
> login-identity-provider.xml [4] files as gists as well for comparison.
>
> In the nifi.properties, note lines 142 & 143, as they define the
> references to the authority and login identity providers, and lines 187 &
> 189, as they define the Kerberos properties.
>
> From your nifi-app.log:
>
> 2016-05-12 14:14:04,468 ERROR [main] o.s.web.context.ContextLoader Context
> initialization failed
> org.springframework.beans.factory.BeanCreationException: Error creating
> bean with name 'niFiWebApiSecurityConfiguration': Injection of autowired
> dependencies failed; nested exception is
> org.springframework.beans.factory.BeanCreationException: Could not autowire
> method: public void
> org.apache.nifi.web.NiFiWebApiSecurityConfiguration.setUserDetailsService(org.springframework.security.core.userdetails.AuthenticationUserDetailsService);
> nested exception is
> org.springframework.beans.factory.BeanCreationException: Error creating
> bean with name 'userDetailsService' defined in class path resource
> [nifi-web-security-context.xml]: Cannot resolve reference to bean
> 'userService' while setting bean property 'userService'; nested exception
> is org.springframework.beans.factory.BeanCreationException: Error creating
> bean with name 'userService' defined in class path resource
> [nifi-administration-context.xml]: Cannot resolve reference to bean
> 'userTransactionBuilder' while setting bean property 'transactionBuilder';
> nested exception is
> org.springframework.beans.factory.BeanCreationException: Error creating
> bean with name 'userTransactionBuilder' defined in class path resource
> [nifi-administration-context.xml]: Cannot resolve reference to bean
> 'authorityProvider' while setting bean property 'authorityProvider'; nested
> exception is org.springframework.beans.factory.BeanCreationException: Error
> creating bean with name 'authorityProvider': FactoryBean threw exception on
> object creation; *nested exception is java.lang.Exception: Unable to load
> the authority provider configuration file at:
> /private/tmp/nifi-0.6.1/./conf/authority-providers.xml*
>
> [1] https://gist.github.com/alopresto/dfad48f55780fee3d0d62b7a0169f2d7
> [2] https://gist.github.com/alopresto/b3bd36676ff72351e641df6869bc1b84
> [3] https://gist.github.com/alopresto/e6bca539876fe4324f49e4996f41c91a
> [4] https://gist.github.com/alopresto/06938e4d0ccdf2168fe0fc6158780a56
>
> Andy LoPresto
> alopresto@apache.org
> *alopresto.apache@gmail.com*
> PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4 BACE 3C6E F65B 2F7D EF69
>
> On May 13, 2016, at 4:05 PM, Ricky Saltzer wrote:
>
> Right on! I appreciate you helping out. Have a good weekend!
>
> On Fri, May 13, 2016 at 3:59 PM, Andy LoPresto wrote:
>
> Thanks Ricky. I’ll set up a demo environment with 0.6.1 and LDAP/Kerberos
> authentication locally and see if I can reproduce. Probably get back to
> you Monday?
>
> Andy LoPresto
> alopresto@apache.org
> *alopresto.apache@gmail.com*
> PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4 BACE 3C6E F65B 2F7D EF69
>
> On May 13, 2016, at 1:47 PM, Ricky Saltzer wrote:
>
> Hey Andy -
>
> The full log file, nifi.properties, and authority-providers are in the
> following gists. Obviously I've replaced some values in the
> authority-providers with fake data for security reasons.
>
> *Log:*
>
> https://gist.githubusercontent.com/rickysaltzer/a645f18a4b3d8bacd16d57cd093f8997/raw/08f78789b66a4d7094629699af7f408870b2c0da/gistfile1.txt
>
> *Authority:*
>
> https://gist.githubusercontent.com/rickysaltzer/b6db60311ea9e3abb94ac183e1c02a59/raw/a75b348ea9515acf0d7bbe0a936972c9b6cb38fe/gistfile1.txt
>
> *Properties:*
>
> https://gist.githubusercontent.com/rickysaltzer/3b29f430d0d1b6361a7ff097e8fcea6a/raw/28bb328fc01ed5256b41bfb324341c083f6fa354/gistfile1.txt
>
> On Fri, May 13, 2016 at 10:55 AM, Andy LoPresto wrote:
>
> Hi Ricky,
>
> Can you provide the contents of logs/nifi-app.log as well to see if there
> is anything relevant to this exception? The code where this is failing
> attempts to deserialize the XML into one of a number of classes
> implementing the AuthorityProvider interface via the factory.
> Are you sure the XML is valid and complete, and that the provider
> identifier is also specified in nifi.properties?
>
> Andy LoPresto
> alopresto@apache.org
> *alopresto.apache@gmail.com*
> PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4 BACE 3C6E F65B 2F7D EF69
>
> On May 12, 2016, at 2:26 PM, Ricky Saltzer wrote:
>
> Using the following provider on 0.6.1, I'm faced with a ClassCastException.
> It might also be worth noting that I face the same exception when
> attempting to use the KerberosProvider option.
>
> *Provider:*
>
> ldap-provider
> org.apache.nifi.ldap.LdapProvider
> SIMPLE
>
> dethklok\toki
> bananasticker
>
> FOLLOW
> 10 secs
> 10 secs
>
> ldap://ldap.metalocalypse.com
> Base">CN=Users,DC=metalocalypse,DC=local
> foo
>
> 12 hours
>
> *Exception:*
>
> Caused by: java.lang.ClassCastException: class org.apache.nifi.ldap.LdapProvider
>     at java.lang.Class.asSubclass(Class.java:3208) ~[na:1.7.0_79]
>     at org.apache.nifi.authorization.AuthorityProviderFactoryBean.createAuthorityProvider(AuthorityProviderFactoryBean.java:173) ~[na:na]
>     at org.apache.nifi.authorization.AuthorityProviderFactoryBean.getObject(AuthorityProviderFactoryBean.java:111) ~[na:na]
>     at org.springframework.beans.factory.support.FactoryBeanRegistrySupport.doGetObjectFromFactoryBean(FactoryBeanRegistrySupport.java:168) ~[na:na]
>     ... 75 common frames omitted
>
> --
> Ricky Saltzer
> http://www.cloudera.com

-- 
Ricky Saltzer
http://www.cloudera.com
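
The mix-up resolved in this thread can be caught before NiFi starts. The following is an added example, not part of the original messages and not NiFi project code: a small lint that flags a login identity provider class declared in authority-providers.xml and provider references in nifi.properties that point at an undefined identifier. The two property key names and the `FileAuthorizationProvider` sample entry are assumptions based on NiFi 0.x defaults, and the sample input is constructed.

```python
import xml.etree.ElementTree as ET

# From the thread: this class failed the cast in AuthorityProviderFactoryBean.
# Extend the set with other login identity provider classes in your build.
LOGIN_IDENTITY_CLASSES = {"org.apache.nifi.ldap.LdapProvider"}

# Assumed nifi.properties keys (NiFi 0.x naming); verify against your file.
AUTHORITY_KEY = "nifi.security.user.authority.provider"
LOGIN_KEY = "nifi.security.user.login.identity.provider"


def parse_properties(text):
    """Return key/value pairs from nifi.properties text, ignoring comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props


def providers(xml_text):
    """Map each <provider>'s <identifier> to its <class>."""
    return {p.findtext("identifier", "").strip(): p.findtext("class", "").strip()
            for p in ET.fromstring(xml_text).iter("provider")}


def lint(properties_text, authority_xml, login_xml):
    """Return a list of findings; an empty list means the references line up."""
    props = parse_properties(properties_text)
    authority, login = providers(authority_xml), providers(login_xml)
    findings = [f"{ident}: {cls} belongs in login-identity-providers.xml"
                for ident, cls in authority.items() if cls in LOGIN_IDENTITY_CLASSES]
    for key, defined, name in ((AUTHORITY_KEY, authority, "authority-providers.xml"),
                               (LOGIN_KEY, login, "login-identity-providers.xml")):
        ref = props.get(key, "")
        if ref and ref not in defined:
            findings.append(f"{key}={ref} is not defined in {name}")
    return findings


# Constructed sample input: the mix-up from the thread, then the corrected layout.
FILE = ("<provider><identifier>file-provider</identifier>"
        "<class>org.apache.nifi.authorization.FileAuthorizationProvider</class></provider>")
LDAP = ("<provider><identifier>ldap-provider</identifier>"
        "<class>org.apache.nifi.ldap.LdapProvider</class></provider>")
PROPS = f"{AUTHORITY_KEY}=file-provider\n{LOGIN_KEY}=ldap-provider\n"
BROKEN = lint(PROPS, f"<authorityProviders>{FILE}{LDAP}</authorityProviders>",
              "<loginIdentityProviders/>")
FIXED = lint(PROPS, f"<authorityProviders>{FILE}</authorityProviders>",
             f"<loginIdentityProviders>{LDAP}</loginIdentityProviders>")
```

`BROKEN` holds two findings for the misplaced stanza and `FIXED` is empty; to check a real install, read the three files from the NiFi `conf` directory and pass their contents to `lint`.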