[Merged by Bors] - Add support for LDAP authentication #303
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…perator into ldap-authentication
maltesander
requested changes
Jul 11, 2022
There was a problem hiding this comment.
LGTM overall. One bigger thing, the create_reporting_task_job fails when using LDAP (because of the missing single user credentials):
cat: /stackable/adminuser/username: No such file or directory
cat: /stackable/adminuser/password: No such file or directory
usage: create_nifi_reporting_task.py [-h] -n NIFI_API_URL -u USERNAME -p
PASSWORD -v NIFI_VERSION -c CERT -m
METRICS_PORT [-t TASK_NAME]
create_nifi_reporting_task.py: error: argument -u/--username: expected one argument
Not sure how, but it needs the right credentials from LDAP. Any idea how we can do that?
Co-authored-by: Malte Sander <[email protected]>
Co-authored-by: Malte Sander <[email protected]>
|
The reporting job should now be fixed. |
maltesander
approved these changes
Jul 20, 2022
There was a problem hiding this comment.
LGTM. Maybe talk to @siegfriedweber how and when we can release a new operator-rs tag?
…perator into ldap-authentication
|
@maltesander could you please do one final review? |
|
bors r+ |
bors bot
pushed a commit
that referenced
this pull request
Aug 1, 2022
# Description
Doesn't make to much sense without authZ, but that is another story. Trying to split that to keep PRs small.
TODOs:
- [x] Release operator-rs
- [x] Watch AuthenticationClass
I tried using multiple LoginIdentityProvider as follows but NIFI failed to start up
```
<provider>
<identifier>login-identity-provider</identifier>
<class>org.apache.nifi.authentication.single.user.SingleUserLoginIdentityProvider</class>
<property name="Username">sbernauer</property>
<property name="Password">sbernauer</property>
</provider>
<provider>
<identifier>login-identity-provider</identifier>
<class>org.apache.nifi.ldap.LdapProvider</class>
<property name="Authentication Strategy">{authentication_strategy}</property>
<property name="Manager DN">xxx_ldap_bind_username_xxx</property>
<property name="Manager Password">xxx_ldap_bind_password_xxx</property>
<property name="Referral Strategy">THROW</property>
<property name="Connect Timeout">10 secs</property>
<property name="Read Timeout">10 secs</property>
<property name="Url">{protocol}://{hostname}:{port}</property>
<property name="User Search Base">{search_base}</property>
<property name="User Search Filter">{search_filter}</property>
<property name="TLS - Client Auth">NONE</property>
<property name="TLS - Keystore">/stackable/keystore/keystore.p12</property>
<property name="TLS - Keystore Password">secret</property>
<property name="TLS - Keystore Type">PKCS12</property>
<property name="TLS - Truststore">/stackable/keystore/truststore.p12</property>
<property name="TLS - Truststore Password">secret</property>
<property name="TLS - Truststore Type">PKCS12</property>
<property name="TLS - Protocol">TLSv1.2</property>
<property name="TLS - Shutdown Gracefully">true</property>
<property name="Identity Strategy">USE_DN</property>
<property name="Authentication Expiration">7 days</property>
</provider>
```
Startup error
```
│ nifi 2022-07-27 13:52:22,343 INFO [NiFi logging handler] org.apache.nifi.StdOut Caused by: org.apache.nifi.authentication.exception.ProviderCreationException: The Authentication Expiration must be specified. │
│ nifi 2022-07-27 13:52:22,343 INFO [NiFi logging handler] org.apache.nifi.StdOut at org.apache.nifi.ldap.LdapProvider.onConfigured(LdapProvider.java:79)
```
Which doesn't make any sense
|
Pull request successfully merged into main. Build succeeded: |
8 tasks
7 tasks
vsupalov
pushed a commit
to stackabletech/druid-operator
that referenced
this pull request
Nov 14, 2022
vsupalov
pushed a commit
to stackabletech/druid-operator
that referenced
this pull request
Nov 15, 2022
vsupalov
pushed a commit
to stackabletech/druid-operator
that referenced
this pull request
Nov 15, 2022
vsupalov
pushed a commit
to stackabletech/druid-operator
that referenced
this pull request
Nov 16, 2022
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Doesn't make to much sense without authZ, but that is another story. Trying to split that to keep PRs small.
TODOs:
I tried using multiple LoginIdentityProvider as follows but NIFI failed to start up
Startup error
Which doesn't make any sense
Review Checklist
Once the review is done, comment
bors r+(orbors merge) to merge. Further information