nifi-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Josef Zahner (Jira)" <j...@apache.org>
Subject [jira] [Commented] (NIFI-6860) Upgrade NiFi 1.9.2 to 1.10.0 - Java11 LDAP (START_TLS) Issue
Date Tue, 12 Nov 2019 16:43:00 GMT

    [ https://issues.apache.org/jira/browse/NIFI-6860?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16972607#comment-16972607
] 

Josef Zahner commented on NIFI-6860:
------------------------------------

More News, we upgraded in parallel to NiFi 1.10.0 from java 1.8.0 to java 11. In our case
java 11 breaks the LDAP START_TLS feature, if I switch back to java 1.8.0 the error message
is gone and NiFi 1.10.0 starts with the same config.

As workaround we will now switch back to java 1.8.0. But we are glad that we can still use
the START_TLS feature (as it is the successor of LDAPS).

> Upgrade NiFi 1.9.2 to 1.10.0 - Java11 LDAP (START_TLS) Issue
> ------------------------------------------------------------
>
>                 Key: NIFI-6860
>                 URL: https://issues.apache.org/jira/browse/NIFI-6860
>             Project: Apache NiFi
>          Issue Type: Bug
>    Affects Versions: 1.10.0
>         Environment: NiFi Single Node with HTTPS/LDAP enabled; CentOS 7.x
>            Reporter: Josef Zahner
>            Priority: Blocker
>              Labels: Java11, LDAP, Nifi, START-TLS
>         Attachments: Screenshot 2019-11-11 at 11.14.52.png
>
>
> We would like to upgrade from NiFi 1.9.2 to 1.10.0 and we have HTTPS with LDAP (START_TLS)
authentication successfully enabled on 1.9.2. Now after upgrading,  we have an issue which
prevents nifi from startup:
> {code:java}
> 2019-11-11 08:29:30,447 ERROR [main] o.s.web.context.ContextLoader Context initialization
failed
> org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean
with name 'org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration':
Unsatisfied dependency expressed through method 'setFilterChainProxySecurityConfigurer' parameter
1; nested exception is org.springframework.beans.factory.BeanExpressionException: Expression
parsing failed; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException:
Error creating bean with name 'org.apache.nifi.web.NiFiWebApiSecurityConfiguration': Unsatisfied
dependency expressed through method 'setJwtAuthenticationProvider' parameter 0; nested exception
is org.springframework.beans.factory.BeanCreationException: Error creating bean with name
'jwtAuthenticationProvider' defined in class path resource [nifi-web-security-context.xml]:
Cannot resolve reference to bean 'authorizer' while setting constructor argument; nested exception
is org.springframework.beans.factory.BeanCreationException: Error creating bean with name
'authorizer': FactoryBean threw exception on object creation; nested exception is org.springframework.ldap.AuthenticationNotSupportedException:
[LDAP: error code 13 - confidentiality required]; nested exception is javax.naming.AuthenticationNotSupportedException:
[LDAP: error code 13 - confidentiality required]
>         at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredMethodElement.inject(AutowiredAnnotationBeanPostProcessor.java:666)
>         at org.springframework.beans.factory.annotation.InjectionMetadata.inject(InjectionMetadata.java:87)
>         at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor.postProcessPropertyValues(AutowiredAnnotationBeanPostProcessor.java:366)
>         at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1269)
>         at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:551)
>         at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:481)
>         at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:312)
>         at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
>         at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:308)
>         at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197)
>         at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:761)
>         at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:867)
>         at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:543)
>         at org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:443)
>         at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:325)
>         at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:107){code}
> In authorizers.xml we added the line “{{<property name="Group Membership - Enforce
Case Sensitivity">false</property>}}”, but beside of that at least the authorizers.xml
is the same. Anybody an idea what could cause the error? 
> NiFi-5839 seems to be related to the property above. Other than that I found no change
regarding LDAP authentication...
>  https://issues.apache.org/jira/browse/NIFI-5839
> Any help would be appreciated



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Mime
View raw message