Nipyapi login issue to NiFi with LDAP authentication #344

Open
marcchanwork opened this issue Mar 21, 2024 · 4 comments

@marcchanwork

  • Nipyapi version: 0.19.1
  • NiFi version: 1.19.1
  • NiFi-Registry version: 1.19.1
  • Python version: 3.9.18
  • Operating System: Linux/Redhat 9

Description

Our NiFi is currently connected to LDAP for login authentication. This caused an error during login via nipyapi:
"ValueError: Username/Password login not supported by this NiFi."

I saw in some posts that we can use client certificates to generate an access token for login. I was able to proceed with cli.sh from the nifi-toolkit. So now I plan to adjust my current nipyapi script to also apply certificates upon login/access token request.

What I Did

I tried to add ssl_context but I am a bit confused as to what settings / certificates I need to use.
I have the following certs:

  • client.cer
  • client.key
  • truststore.jks
  • keystore.jks

I tried to use the following functions:
set_service_ssl_context, nipyapi.nifi_config

Urgency

Not urgent but any help is appreciated. Please let me know what information I can add to this.

@ottobackwards
Contributor

@marcchanwork
Author

marcchanwork commented Mar 22, 2024

<Update 1>
@ottobackwards yes, I also supplemented the code from this similar issue: #319

nipyapi.config.default_ssl_context = {
    'ca_file': '/etc/nifi/truststore.pem',
    'client_cert_file': '/etc/nifi/machine.cer',
    'client_key_file': '/etc/nifi/machine..key',
}

nipyapi.utils.set_endpoint("https://server:8443/nifi-api", ssl=True, login=False, username=None, password=None)

which returns True

When running the nipyapi.system.get_cluster() command, it returns
ValueError: Unable to view the controller. Contact the system administrator.

I have a login user "SCRIPT_USER"; would it be possible to set it as a proxy user somewhere?

@ottobackwards
Contributor

I am sorry, I don't know. The secure demo works (or did the last I tried). I suggest you see if you can get the demo working without your stuff, and if you can, then you can examine the differences between your setups maybe?

@Chaffelson
Owner

In the linked ticket, the user uses the set_ssl_context call, rather than updating the default context.
Possibly there is some mismatch between the behaviours of the default vs. explicit functions here - can you please try with the approach in the linked ticket?

I don't think you need a proxy user for plain NiFi usage - that was traditionally for when you wanted NiFi to take actions on Registry as a pass-through.
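
The first post lists both JKS stores and `.cer`/`.key` files as candidates for the SSL context. As an added example (not part of the thread and not nipyapi code), this stdlib-only check classifies each file before it is used, assuming the `ca_file`, `client_cert_file` and `client_key_file` paths end up in Python's `ssl` module, which reads PEM for these. The names `detect_format` and `check_ssl_files` and the sample bytes are constructed for illustration.

```python
import os
import tempfile

JKS_MAGIC = b"\xfe\xed\xfe\xed"  # Java KeyStore (.jks) file header
# Format each ssl-context entry must have for Python's ssl module (assumption: the
# paths are passed to load_verify_locations(cafile=...) and load_cert_chain()).
EXPECTED = {"ca_file": "pem-cert", "client_cert_file": "pem-cert",
            "client_key_file": "pem-key"}


def detect_format(path):
    """Classify a credential file by its leading bytes."""
    with open(path, "rb") as fh:
        head = fh.read(8192)
    if head.startswith(JKS_MAGIC):
        return "jks"
    if b"-----BEGIN CERTIFICATE-----" in head:
        return "pem-cert"
    if b"-----BEGIN " in head and b"PRIVATE KEY-----" in head:
        return "pem-key"
    if head[:1] == b"\x30":  # ASN.1 SEQUENCE: binary DER certificate or PKCS#12
        return "der-or-pkcs12"
    return "unknown"


def check_ssl_files(settings):
    """Return {entry: problem} for paths that are missing or not in the PEM form needed."""
    problems = {}
    for entry, want in EXPECTED.items():
        path = settings.get(entry)
        if not path:
            continue
        if not os.path.isfile(path):
            problems[entry] = "file not found"
        elif detect_format(path) != want:
            problems[entry] = f"expected {want}, found {detect_format(path)}"
    return problems


def demo():
    """Run the check on constructed stand-ins (no real key material)."""
    samples = {"ca_file": JKS_MAGIC + b"\x00\x00\x00\x02",  # stands in for a .jks truststore
               "client_cert_file": b"\x30\x82\x03\x00",      # stands in for a DER-encoded .cer
               "client_key_file": b"-----BEGIN PRIVATE KEY-----\nAA==\n"}
    with tempfile.TemporaryDirectory() as tmp:
        settings = {entry: os.path.join(tmp, entry) for entry in samples}
        for entry, data in samples.items():
            with open(settings[entry], "wb") as fh:
                fh.write(data)
        return check_ssl_files(settings)
```

A `jks` or `der-or-pkcs12` result means the file has to be converted to PEM before its path is placed in the SSL context settings.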
