You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@nifi.apache.org by Nicolas Delsaux <ni...@gmx.fr> on 2019/07/18 13:36:11 UTC
ldap auth : error code 12 - Unavailable Critical Extension
Hello,
I'm trying to use LDAP authentication and am having a weird exception
nifi-runner_1 | 2019-07-18 13:26:03,076 INFO [main]
org.eclipse.jetty.server.Server Started @22069ms
nifi-runner_1 | 2019-07-18 13:26:03,080 WARN [main]
org.apache.nifi.web.server.JettyServer Failed to start web server...
shutting down.
nifi-runner_1 |
org.springframework.beans.factory.UnsatisfiedDependencyException: Error
creating bean with name
'org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration':
Unsatisfied dependency expressed through method
'setFilterChainProxySecurityConfigurer' parameter 1; nested exception is
org.springframework.beans.factory.BeanExpressionException: Expression
parsing failed; nested exception is
org.springframework.beans.factory.UnsatisfiedDependencyException: Error
creating bean with name
'org.apache.nifi.web.NiFiWebApiSecurityConfiguration': Unsatisfied
dependency expressed through method 'setJwtAuthenticationProvider'
parameter 0; nested exception is
org.springframework.beans.factory.BeanCreationException: Error creating
bean with name 'jwtAuthenticationProvider' defined in class path
resource [nifi-web-security-context.xml]: Cannot resolve reference to
bean 'authorizer' while setting constructor argument; nested exception
is org.springframework.beans.factory.BeanCreationException: Error
creating bean with name 'authorizer': FactoryBean threw exception on
object creation; nested exception is
org.springframework.ldap.OperationNotSupportedException: [LDAP: error
code 12 - Unavailable Critical Extension]; nested exception is
javax.naming.OperationNotSupportedException: [LDAP: error code 12 -
Unavailable Critical Extension]; remaining name 'o=corp.mycompany.com'
nifi-runner_1 | at
org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredMethodElement.inject(AutowiredAnnotationBeanPostProcessor.java:666)
nifi-runner_1 | at
org.springframework.beans.factory.annotation.InjectionMetadata.inject(InjectionMetadata.java:87)
nifi-runner_1 | at
org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor.postProcessPropertyValues(AutowiredAnnotationBeanPostProcessor.java:366)
nifi-runner_1 | at
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1269)
nifi-runner_1 | at
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:551)
nifi-runner_1 | at
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:481)
nifi-runner_1 | at
org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:312)
nifi-runner_1 | at
org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
nifi-runner_1 | at
org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:308)
nifi-runner_1 | at
org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197)
nifi-runner_1 | at
org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:761)
nifi-runner_1 | at
org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:867)
nifi-runner_1 | at
org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:543)
nifi-runner_1 | at
org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:443)
nifi-runner_1 | at
org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:325)
nifi-runner_1 | at
org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:107)
nifi-runner_1 | at
org.eclipse.jetty.server.handler.ContextHandler.callContextInitialized(ContextHandler.java:953)
nifi-runner_1 | at
org.eclipse.jetty.servlet.ServletContextHandler.callContextInitialized(ServletContextHandler.java:558)
nifi-runner_1 | at
org.eclipse.jetty.server.handler.ContextHandler.startContext(ContextHandler.java:918)
nifi-runner_1 | at
org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:370)
nifi-runner_1 | at
org.eclipse.jetty.webapp.WebAppContext.startWebapp(WebAppContext.java:1497)
nifi-runner_1 | at
org.eclipse.jetty.webapp.WebAppContext.startContext(WebAppContext.java:1459)
nifi-runner_1 | at
org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:848)
nifi-runner_1 | at
org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:287)
nifi-runner_1 | at
org.eclipse.jetty.webapp.WebAppContext.doStart(WebAppContext.java:545)
nifi-runner_1 | at
org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
nifi-runner_1 | at
org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:138)
nifi-runner_1 | at
org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117)
nifi-runner_1 | at
org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:113)
nifi-runner_1 | at
org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
nifi-runner_1 | at
org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:138)
nifi-runner_1 | at
org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:108)
nifi-runner_1 | at
org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:113)
nifi-runner_1 | at
org.eclipse.jetty.server.handler.gzip.GzipHandler.doStart(GzipHandler.java:403)
nifi-runner_1 | at
org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
nifi-runner_1 | at
org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:138)
nifi-runner_1 | at
org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117)
nifi-runner_1 | at
org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:113)
nifi-runner_1 | at
org.eclipse.jetty.server.handler.ContextHandlerCollection.doStart(ContextHandlerCollection.java:167)
nifi-runner_1 | at
org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
nifi-runner_1 | at
org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:138)
nifi-runner_1 | at
org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117)
nifi-runner_1 | at
org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:113)
nifi-runner_1 | at
org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
nifi-runner_1 | at
org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:138)
nifi-runner_1 | at
org.eclipse.jetty.server.Server.start(Server.java:419)
nifi-runner_1 | at
org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:108)
nifi-runner_1 | at
org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:113)
nifi-runner_1 | at
org.eclipse.jetty.server.Server.doStart(Server.java:386)
nifi-runner_1 | at
org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
nifi-runner_1 | at
org.apache.nifi.web.server.JettyServer.start(JettyServer.java:935)
nifi-runner_1 | at org.apache.nifi.NiFi.<init>(NiFi.java:158)
nifi-runner_1 | at org.apache.nifi.NiFi.<init>(NiFi.java:72)
nifi-runner_1 | at org.apache.nifi.NiFi.main(NiFi.java:297)
nifi-runner_1 | Caused by:
org.springframework.beans.factory.BeanExpressionException: Expression
parsing failed; nested exception is
org.springframework.beans.factory.UnsatisfiedDependencyException: Error
creating bean with name
'org.apache.nifi.web.NiFiWebApiSecurityConfiguration': Unsatisfied
dependency expressed through method 'setJwtAuthenticationProvider'
parameter 0; nested exception is
org.springframework.beans.factory.BeanCreationException: Error creating
bean with name 'jwtAuthenticationProvider' defined in class path
resource [nifi-web-security-context.xml]: Cannot resolve reference to
bean 'authorizer' while setting constructor argument; nested exception
is org.springframework.beans.factory.BeanCreationException: Error
creating bean with name 'authorizer': FactoryBean threw exception on
object creation; nested exception is
org.springframework.ldap.OperationNotSupportedException: [LDAP: error
code 12 - Unavailable Critical Extension]; nested exception is
javax.naming.OperationNotSupportedException: [LDAP: error code 12 -
Unavailable Critical Extension]; remaining name 'o=corp.mycompany.com'
nifi-runner_1 | at
org.springframework.context.expression.StandardBeanExpressionResolver.evaluate(StandardBeanExpressionResolver.java:163)
nifi-runner_1 | at
org.springframework.beans.factory.support.AbstractBeanFactory.evaluateBeanDefinitionString(AbstractBeanFactory.java:1454)
nifi-runner_1 | at
org.springframework.beans.factory.support.DefaultListableBeanFactory.doResolveDependency(DefaultListableBeanFactory.java:1086)
nifi-runner_1 | at
org.springframework.beans.factory.support.DefaultListableBeanFactory.resolveDependency(DefaultListableBeanFactory.java:1064)
nifi-runner_1 | at
org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredMethodElement.inject(AutowiredAnnotationBeanPostProcessor.java:658)
nifi-runner_1 | ... 53 common frames omitted
nifi-runner_1 | Caused by:
org.springframework.beans.factory.UnsatisfiedDependencyException: Error
creating bean with name
'org.apache.nifi.web.NiFiWebApiSecurityConfiguration': Unsatisfied
dependency expressed through method 'setJwtAuthenticationProvider'
parameter 0; nested exception is
org.springframework.beans.factory.BeanCreationException: Error creating
bean with name 'jwtAuthenticationProvider' defined in class path
resource [nifi-web-security-context.xml]: Cannot resolve reference to
bean 'authorizer' while setting constructor argument; nested exception
is org.springframework.beans.factory.BeanCreationException: Error
creating bean with name 'authorizer': FactoryBean threw exception on
object creation; nested exception is
org.springframework.ldap.OperationNotSupportedException: [LDAP: error
code 12 - Unavailable Critical Extension]; nested exception is
javax.naming.OperationNotSupportedException: [LDAP: error code 12 -
Unavailable Critical Extension]; remaining name 'o=corp.mycompany.com'
nifi-runner_1 | at
org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredMethodElement.inject(AutowiredAnnotationBeanPostProcessor.java:666)
nifi-runner_1 | at
org.springframework.beans.factory.annotation.InjectionMetadata.inject(InjectionMetadata.java:87)
nifi-runner_1 | at
org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor.postProcessPropertyValues(AutowiredAnnotationBeanPostProcessor.java:366)
nifi-runner_1 | at
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1269)
nifi-runner_1 | at
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:551)
nifi-runner_1 | at
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:481)
nifi-runner_1 | at
org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:312)
nifi-runner_1 | at
org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
nifi-runner_1 | at
org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:308)
nifi-runner_1 | at
org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:202)
nifi-runner_1 | at
org.springframework.beans.factory.support.DefaultListableBeanFactory.getBeansOfType(DefaultListableBeanFactory.java:519)
nifi-runner_1 | at
org.springframework.beans.factory.support.DefaultListableBeanFactory.getBeansOfType(DefaultListableBeanFactory.java:508)
nifi-runner_1 | at
org.springframework.security.config.annotation.web.configuration.AutowiredWebSecurityConfigurersIgnoreParents.getWebSecurityConfigurers(AutowiredWebSecurityConfigurersIgnoreParents.java:53)
nifi-runner_1 | at
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
nifi-runner_1 | at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
nifi-runner_1 | at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
nifi-runner_1 | at java.lang.reflect.Method.invoke(Method.java:498)
nifi-runner_1 | at
org.springframework.expression.spel.support.ReflectiveMethodExecutor.execute(ReflectiveMethodExecutor.java:117)
nifi-runner_1 | at
org.springframework.expression.spel.ast.MethodReference.getValueInternal(MethodReference.java:134)
nifi-runner_1 | at
org.springframework.expression.spel.ast.MethodReference.access$000(MethodReference.java:52)
nifi-runner_1 | at
org.springframework.expression.spel.ast.MethodReference$MethodValueRef.getValue(MethodReference.java:377)
nifi-runner_1 | at
org.springframework.expression.spel.ast.CompoundExpression.getValueInternal(CompoundExpression.java:88)
nifi-runner_1 | at
org.springframework.expression.spel.ast.SpelNodeImpl.getValue(SpelNodeImpl.java:121)
nifi-runner_1 | at
org.springframework.expression.spel.standard.SpelExpression.getValue(SpelExpression.java:257)
nifi-runner_1 | at
org.springframework.context.expression.StandardBeanExpressionResolver.evaluate(StandardBeanExpressionResolver.java:160)
nifi-runner_1 | ... 57 common frames omitted
nifi-runner_1 | Caused by:
org.springframework.beans.factory.BeanCreationException: Error creating
bean with name 'jwtAuthenticationProvider' defined in class path
resource [nifi-web-security-context.xml]: Cannot resolve reference to
bean 'authorizer' while setting constructor argument; nested exception
is org.springframework.beans.factory.BeanCreationException: Error
creating bean with name 'authorizer': FactoryBean threw exception on
object creation; nested exception is
org.springframework.ldap.OperationNotSupportedException: [LDAP: error
code 12 - Unavailable Critical Extension]; nested exception is
javax.naming.OperationNotSupportedException: [LDAP: error code 12 -
Unavailable Critical Extension]; remaining name 'o=corp.mycompany.com'
nifi-runner_1 | at
org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:359)
nifi-runner_1 | at
org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:108)
nifi-runner_1 | at
org.springframework.beans.factory.support.ConstructorResolver.resolveConstructorArguments(ConstructorResolver.java:634)
nifi-runner_1 | at
org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:145)
nifi-runner_1 | at
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:1198)
nifi-runner_1 | at
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1100)
nifi-runner_1 | at
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:511)
nifi-runner_1 | at
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:481)
nifi-runner_1 | at
org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:312)
nifi-runner_1 | at
org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
nifi-runner_1 | at
org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:308)
nifi-runner_1 | at
org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:202)
nifi-runner_1 | at
org.springframework.beans.factory.config.DependencyDescriptor.resolveCandidate(DependencyDescriptor.java:208)
nifi-runner_1 | at
org.springframework.beans.factory.support.DefaultListableBeanFactory.doResolveDependency(DefaultListableBeanFactory.java:1136)
nifi-runner_1 | at
org.springframework.beans.factory.support.DefaultListableBeanFactory.resolveDependency(DefaultListableBeanFactory.java:1064)
nifi-runner_1 | at
org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredMethodElement.inject(AutowiredAnnotationBeanPostProcessor.java:658)
nifi-runner_1 | ... 81 common frames omitted
nifi-runner_1 | Caused by:
org.springframework.beans.factory.BeanCreationException: Error creating
bean with name 'authorizer': FactoryBean threw exception on object
creation; nested exception is
org.springframework.ldap.OperationNotSupportedException: [LDAP: error
code 12 - Unavailable Critical Extension]; nested exception is
javax.naming.OperationNotSupportedException: [LDAP: error code 12 -
Unavailable Critical Extension]; remaining name 'o=corp.mycompany.com'
nifi-runner_1 | at
org.springframework.beans.factory.support.FactoryBeanRegistrySupport.doGetObjectFromFactoryBean(FactoryBeanRegistrySupport.java:185)
nifi-runner_1 | at
org.springframework.beans.factory.support.FactoryBeanRegistrySupport.getObjectFromFactoryBean(FactoryBeanRegistrySupport.java:103)
nifi-runner_1 | at
org.springframework.beans.factory.support.AbstractBeanFactory.getObjectForBeanInstance(AbstractBeanFactory.java:1640)
nifi-runner_1 | at
org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:323)
nifi-runner_1 | at
org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197)
nifi-runner_1 | at
org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:351)
nifi-runner_1 | ... 96 common frames omitted
nifi-runner_1 | Caused by:
org.springframework.ldap.OperationNotSupportedException: [LDAP: error
code 12 - Unavailable Critical Extension]; nested exception is
javax.naming.OperationNotSupportedException: [LDAP: error code 12 -
Unavailable Critical Extension]; remaining name 'o=corp.mycompany.com'
nifi-runner_1 | at
org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:212)
nifi-runner_1 | at
org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:397)
nifi-runner_1 | at
org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:328)
nifi-runner_1 | at
org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:629)
nifi-runner_1 | at
org.apache.nifi.ldap.tenants.LdapUserGroupProvider.load(LdapUserGroupProvider.java:493)
nifi-runner_1 | at
org.apache.nifi.ldap.tenants.LdapUserGroupProvider.onConfigured(LdapUserGroupProvider.java:387)
nifi-runner_1 | at
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
nifi-runner_1 | at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
nifi-runner_1 | at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
nifi-runner_1 | at java.lang.reflect.Method.invoke(Method.java:498)
nifi-runner_1 | at
org.apache.nifi.authorization.UserGroupProviderInvocationHandler.invoke(UserGroupProviderInvocationHandler.java:38)
nifi-runner_1 | at com.sun.proxy.$Proxy76.onConfigured(Unknown
Source)
nifi-runner_1 | at
org.apache.nifi.authorization.AuthorizerFactoryBean.getObject(AuthorizerFactoryBean.java:139)
nifi-runner_1 | at
org.springframework.beans.factory.support.FactoryBeanRegistrySupport.doGetObjectFromFactoryBean(FactoryBeanRegistrySupport.java:178)
nifi-runner_1 | ... 101 common frames omitted
nifi-runner_1 | Caused by: javax.naming.OperationNotSupportedException:
[LDAP: error code 12 - Unavailable Critical Extension]
nifi-runner_1 | at
com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3214)
nifi-runner_1 | at
com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3100)
nifi-runner_1 | at
com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2891)
nifi-runner_1 | at
com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1846)
nifi-runner_1 | at
com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1769)
nifi-runner_1 | at
com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:392)
nifi-runner_1 | at
com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:358)
nifi-runner_1 | at
com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:341)
nifi-runner_1 | at
javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267)
nifi-runner_1 | at
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
nifi-runner_1 | at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
nifi-runner_1 | at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
nifi-runner_1 | at java.lang.reflect.Method.invoke(Method.java:498)
nifi-runner_1 | at
org.springframework.ldap.core.support.SingleContextSource$NonClosingDirContextInvocationHandler.invoke(SingleContextSource.java:197)
nifi-runner_1 | at com.sun.proxy.$Proxy78.search(Unknown Source)
nifi-runner_1 | at
org.springframework.ldap.core.LdapTemplate$4.executeSearch(LdapTemplate.java:322)
nifi-runner_1 | at
org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:363)
nifi-runner_1 | ... 113 common frames omitted
it seems like the LDAP server i'm trying to talk to doesn't support some
of the queries i try to send him. But what <am i doing wrong ?
My authorizers.xml contains
<userGroupProvider>
<identifier>ldap-user-group-provider</identifier>
<class>org.apache.nifi.ldap.tenants.LdapUserGroupProvider</class>
<propertyname="Authentication Strategy">LDAPS</property>
<propertyname="Manager DN">myserviceaccount</property>
<propertyname="Manager Password">mypassword</property>
<propertyname="TLS - Keystore"></property>
<propertyname="TLS - Keystore Password"></property>
<propertyname="TLS - Keystore Type"></property>
<propertyname="TLS - Truststore">/opt/certs/cacerts.jks</property>
<propertyname="TLS - Truststore Password">changeit</property>
<propertyname="TLS - Truststore Type">JKS</property>
<propertyname="TLS - Client Auth"></property>
<propertyname="TLS - Protocol">TLSv1</property>
<propertyname="TLS - Shutdown Gracefully"></property>
<propertyname="Referral Strategy">FOLLOW</property>
<propertyname="Connect Timeout">10 secs</property>
<propertyname="Read Timeout">10 secs</property>
<propertyname="Url">ldaps://myserver.mycompany.com:636</property>
<propertyname="Page Size">0</property>
<propertyname="Sync Interval">30 mins</property>
<propertyname="User Search Base">o=corp.mycompany.com</property>
<propertyname="User Object Class">privPerson</property>
<propertyname="User Search Scope">SUBTREE</property>
<propertyname="User Search
Filter">(&(objectclass=privPerson)(uid={0}))</property>
<propertyname="User Identity Attribute">uid</property>
<propertyname="User Group Name Attribute"></property>
<propertyname="User Group Name Attribute - Referenced Group
Attribute"></property>
<propertyname="Group Search Base"></property>
<propertyname="Group Object Class">group</property>
<propertyname="Group Search Scope">ONE_LEVEL</property>
<propertyname="Group Search Filter"></property>
<propertyname="Group Name Attribute"></property>
<propertyname="Group Member Attribute"></property>
<propertyname="Group Member Attribute - Referenced User
Attribute"></property>
</userGroupProvider>
And my login-identity-providers contains
<provider>
<identifier>ldap-provider</identifier>
<class>org.apache.nifi.ldap.LdapProvider</class>
<propertyname="Authentication Strategy">LDAPS</property>
<propertyname="Manager DN">myserviceaccount</property>
<propertyname="Manager Password">mypassword</property>
<propertyname="TLS - Keystore"></property>
<propertyname="TLS - Keystore Password"></property>
<propertyname="TLS - Keystore Type"></property>
<propertyname="TLS - Truststore">/opt/certs/cacerts.jks</property>
<propertyname="TLS - Truststore Password">changeit</property>
<propertyname="TLS - Truststore Type">JKS</property>
<propertyname="TLS - Client Auth"></property>
<propertyname="TLS - Protocol">TLSv1</property>
<propertyname="TLS - Shutdown Gracefully"></property>
<propertyname="Referral Strategy">FOLLOW</property>
<propertyname="Connect Timeout">10 secs</property>
<propertyname="Read Timeout">10 secs</property>
<propertyname="Url">ldaps://myserver.mycompany.com:636</property>
<propertyname="User Search Base">o=corp.mycompany.com</property>
<propertyname="User Search
Filter">(&(objectclass=privPerson)(uid={0}))</property>
<propertyname="Identity Strategy">USE_DN</property>
<propertyname="Authentication Expiration">12 hours</property>
</provider>
Do you know what I did wrong ?
Thanks !
Re: ldap auth : error code 12 - Unavailable Critical Extension
Posted by Pierre Villard <pi...@gmail.com>.
Great, thanks for letting us know!
Pierre
Le jeu. 18 juil. 2019 à 17:15, Nicolas Delsaux <ni...@gmx.fr> a
écrit :
> Yes Pierre, I have made sure the organization was correct using another
> LDAP browser.
>
> Let me make sure by replaying the involved part of code.
>
> From that stack trace, the deeeper nifi code invocation is
>
> nifi-runner_1 | Caused by:
> org.springframework.ldap.OperationNotSupportedException: [LDAP: error code
> 12 - Unavailable Critical Extension]; nested exception is
> javax.naming.OperationNotSupportedException: [LDAP: error code 12 -
> Unavailable Critical Extension]; remaining name 'o=corp.mycompany.com'
> nifi-runner_1 | at
> org.apache.nifi.ldap.tenants.LdapUserGroupProvider.load(LdapUserGroupProvider.java:493)
> nifi-runner_1 | at
> org.apache.nifi.ldap.tenants.LdapUserGroupProvider.onConfigured(LdapUserGroupProvider.java:387)
>
> which seems to load user from ldap.
>
> More precisely, the error line seems to be
>
> userList.addAll(ldapTemplate.search(userSearchBase,
> userFilter.encode(), userControls, new AbstractContextMapper<User>() {
> where
>
> - userSearchBase is "o=corp.mycompany.com"
>
> - userFilter is
> (&(objectclass=privPerson)(&(objectclass=privPerson)(uid={0}))) yup, a
> redundant condition, so I've changed the search filter
>
>
> So, after having talked with the LDAP team in mycompany, we finally
> discovered the LDAP directory didn't support the paging mechanism
> implemented in Nifi. I removed the paging attribute, and it worked !
> Le 18/07/2019 à 15:54, Pierre Villard a écrit :
>
> Hi Nicolas,
>
> It looks like a LDAP issue: LDAP: error code 12 - Unavailable Critical
> Extension.
> Are you sure about the LDAP tree structure you have? is the organization
> correct 'o=corp.mycompany.com'?
>
> Thanks,
> Pierre
>
> Le jeu. 18 juil. 2019 à 15:36, Nicolas Delsaux <ni...@gmx.fr> a
> écrit :
>
>> Hello,
>>
>> I'm trying to use LDAP authentication and am having a weird exception
>>
>>
>> nifi-runner_1 | 2019-07-18 13:26:03,076 INFO [main]
>> org.eclipse.jetty.server.Server Started @22069ms
>> nifi-runner_1 | 2019-07-18 13:26:03,080 WARN [main]
>> org.apache.nifi.web.server.JettyServer Failed to start web server...
>> shutting down.
>> nifi-runner_1 |
>> org.springframework.beans.factory.UnsatisfiedDependencyException: Error
>> creating bean with name
>> 'org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration':
>> Unsatisfied dependency expressed through method
>> 'setFilterChainProxySecurityConfigurer' parameter 1; nested exception is
>> org.springframework.beans.factory.BeanExpressionException: Expression
>> parsing failed; nested exception is
>> org.springframework.beans.factory.UnsatisfiedDependencyException: Error
>> creating bean with name
>> 'org.apache.nifi.web.NiFiWebApiSecurityConfiguration': Unsatisfied
>> dependency expressed through method 'setJwtAuthenticationProvider'
>> parameter 0; nested exception is
>> org.springframework.beans.factory.BeanCreationException: Error creating
>> bean with name 'jwtAuthenticationProvider' defined in class path resource
>> [nifi-web-security-context.xml]: Cannot resolve reference to bean
>> 'authorizer' while setting constructor argument; nested exception is
>> org.springframework.beans.factory.BeanCreationException: Error creating
>> bean with name 'authorizer': FactoryBean threw exception on object
>> creation; nested exception is
>> org.springframework.ldap.OperationNotSupportedException: [LDAP: error code
>> 12 - Unavailable Critical Extension]; nested exception is
>> javax.naming.OperationNotSupportedException: [LDAP: error code 12 -
>> Unavailable Critical Extension]; remaining name 'o=corp.mycompany.com'
>> nifi-runner_1 | at
>> org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredMethodElement.inject(AutowiredAnnotationBeanPostProcessor.java:666)
>> nifi-runner_1 | at
>> org.springframework.beans.factory.annotation.InjectionMetadata.inject(InjectionMetadata.java:87)
>> nifi-runner_1 | at
>> org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor.postProcessPropertyValues(AutowiredAnnotationBeanPostProcessor.java:366)
>> nifi-runner_1 | at
>> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1269)
>> nifi-runner_1 | at
>> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:551)
>> nifi-runner_1 | at
>> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:481)
>> nifi-runner_1 | at
>> org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:312)
>> nifi-runner_1 | at
>> org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
>> nifi-runner_1 | at
>> org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:308)
>> nifi-runner_1 | at
>> org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197)
>> nifi-runner_1 | at
>> org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:761)
>> nifi-runner_1 | at
>> org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:867)
>>
>> nifi-runner_1 | at
>> org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:543)
>> nifi-runner_1 | at
>> org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:443)
>> nifi-runner_1 | at
>> org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:325)
>> nifi-runner_1 | at
>> org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:107)
>> nifi-runner_1 | at
>> org.eclipse.jetty.server.handler.ContextHandler.callContextInitialized(ContextHandler.java:953)
>> nifi-runner_1 | at
>> org.eclipse.jetty.servlet.ServletContextHandler.callContextInitialized(ServletContextHandler.java:558)
>> nifi-runner_1 | at
>> org.eclipse.jetty.server.handler.ContextHandler.startContext(ContextHandler.java:918)
>> nifi-runner_1 | at
>> org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:370)
>> nifi-runner_1 | at
>> org.eclipse.jetty.webapp.WebAppContext.startWebapp(WebAppContext.java:1497)
>> nifi-runner_1 | at
>> org.eclipse.jetty.webapp.WebAppContext.startContext(WebAppContext.java:1459)
>> nifi-runner_1 | at
>> org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:848)
>> nifi-runner_1 | at
>> org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:287)
>> nifi-runner_1 | at
>> org.eclipse.jetty.webapp.WebAppContext.doStart(WebAppContext.java:545)
>> nifi-runner_1 | at
>> org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
>> nifi-runner_1 | at
>> org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:138)
>> nifi-runner_1 | at
>> org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117)
>> nifi-runner_1 | at
>> org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:113)
>> nifi-runner_1 | at
>> org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
>> nifi-runner_1 | at
>> org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:138)
>> nifi-runner_1 | at
>> org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:108)
>> nifi-runner_1 | at
>> org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:113)
>> nifi-runner_1 | at
>> org.eclipse.jetty.server.handler.gzip.GzipHandler.doStart(GzipHandler.java:403)
>> nifi-runner_1 | at
>> org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
>> nifi-runner_1 | at
>> org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:138)
>> nifi-runner_1 | at
>> org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117)
>> nifi-runner_1 | at
>> org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:113)
>> nifi-runner_1 | at
>> org.eclipse.jetty.server.handler.ContextHandlerCollection.doStart(ContextHandlerCollection.java:167)
>> nifi-runner_1 | at
>> org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
>> nifi-runner_1 | at
>> org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:138)
>> nifi-runner_1 | at
>> org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117)
>> nifi-runner_1 | at
>> org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:113)
>> nifi-runner_1 | at
>> org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
>> nifi-runner_1 | at
>> org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:138)
>> nifi-runner_1 | at
>> org.eclipse.jetty.server.Server.start(Server.java:419)
>> nifi-runner_1 | at
>> org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:108)
>> nifi-runner_1 | at
>> org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:113)
>> nifi-runner_1 | at
>> org.eclipse.jetty.server.Server.doStart(Server.java:386)
>> nifi-runner_1 | at
>> org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
>> nifi-runner_1 | at
>> org.apache.nifi.web.server.JettyServer.start(JettyServer.java:935)
>> nifi-runner_1 | at org.apache.nifi.NiFi.<init>(NiFi.java:158)
>> nifi-runner_1 | at org.apache.nifi.NiFi.<init>(NiFi.java:72)
>> nifi-runner_1 | at org.apache.nifi.NiFi.main(NiFi.java:297)
>> nifi-runner_1 | Caused by:
>> org.springframework.beans.factory.BeanExpressionException: Expression
>> parsing failed; nested exception is
>> org.springframework.beans.factory.UnsatisfiedDependencyException: Error
>> creating bean with name
>> 'org.apache.nifi.web.NiFiWebApiSecurityConfiguration': Unsatisfied
>> dependency expressed through method 'setJwtAuthenticationProvider'
>> parameter 0; nested exception is
>> org.springframework.beans.factory.BeanCreationException: Error creating
>> bean with name 'jwtAuthenticationProvider' defined in class path resource
>> [nifi-web-security-context.xml]: Cannot resolve reference to bean
>> 'authorizer' while setting constructor argument; nested exception is
>> org.springframework.beans.factory.BeanCreationException: Error creating
>> bean with name 'authorizer': FactoryBean threw exception on object
>> creation; nested exception is
>> org.springframework.ldap.OperationNotSupportedException: [LDAP: error code
>> 12 - Unavailable Critical Extension]; nested exception is
>> javax.naming.OperationNotSupportedException: [LDAP: error code 12 -
>> Unavailable Critical Extension]; remaining name 'o=corp.mycompany.com'
>> nifi-runner_1 | at
>> org.springframework.context.expression.StandardBeanExpressionResolver.evaluate(StandardBeanExpressionResolver.java:163)
>> nifi-runner_1 | at
>> org.springframework.beans.factory.support.AbstractBeanFactory.evaluateBeanDefinitionString(AbstractBeanFactory.java:1454)
>> nifi-runner_1 | at
>> org.springframework.beans.factory.support.DefaultListableBeanFactory.doResolveDependency(DefaultListableBeanFactory.java:1086)
>> nifi-runner_1 | at
>> org.springframework.beans.factory.support.DefaultListableBeanFactory.resolveDependency(DefaultListableBeanFactory.java:1064)
>> nifi-runner_1 | at
>> org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredMethodElement.inject(AutowiredAnnotationBeanPostProcessor.java:658)
>> nifi-runner_1 | ... 53 common frames omitted
>> nifi-runner_1 | Caused by:
>> org.springframework.beans.factory.UnsatisfiedDependencyException: Error
>> creating bean with name
>> 'org.apache.nifi.web.NiFiWebApiSecurityConfiguration': Unsatisfied
>> dependency expressed through method 'setJwtAuthenticationProvider'
>> parameter 0; nested exception is
>> org.springframework.beans.factory.BeanCreationException: Error creating
>> bean with name 'jwtAuthenticationProvider' defined in class path resource
>> [nifi-web-security-context.xml]: Cannot resolve reference to bean
>> 'authorizer' while setting constructor argument; nested exception is
>> org.springframework.beans.factory.BeanCreationException: Error creating
>> bean with name 'authorizer': FactoryBean threw exception on object
>> creation; nested exception is
>> org.springframework.ldap.OperationNotSupportedException: [LDAP: error code
>> 12 - Unavailable Critical Extension]; nested exception is
>> javax.naming.OperationNotSupportedException: [LDAP: error code 12 -
>> Unavailable Critical Extension]; remaining name 'o=corp.mycompany.com'
>> nifi-runner_1 | at
>> org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredMethodElement.inject(AutowiredAnnotationBeanPostProcessor.java:666)
>> nifi-runner_1 | at
>> org.springframework.beans.factory.annotation.InjectionMetadata.inject(InjectionMetadata.java:87)
>> nifi-runner_1 | at
>> org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor.postProcessPropertyValues(AutowiredAnnotationBeanPostProcessor.java:366)
>> nifi-runner_1 | at
>> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1269)
>> nifi-runner_1 | at
>> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:551)
>> nifi-runner_1 | at
>> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:481)
>> nifi-runner_1 | at
>> org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:312)
>> nifi-runner_1 | at
>> org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
>> nifi-runner_1 | at
>> org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:308)
>> nifi-runner_1 | at
>> org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:202)
>> nifi-runner_1 | at
>> org.springframework.beans.factory.support.DefaultListableBeanFactory.getBeansOfType(DefaultListableBeanFactory.java:519)
>> nifi-runner_1 | at
>> org.springframework.beans.factory.support.DefaultListableBeanFactory.getBeansOfType(DefaultListableBeanFactory.java:508)
>> nifi-runner_1 | at
>> org.springframework.security.config.annotation.web.configuration.AutowiredWebSecurityConfigurersIgnoreParents.getWebSecurityConfigurers(AutowiredWebSecurityConfigurersIgnoreParents.java:53)
>> nifi-runner_1 | at
>> sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>> nifi-runner_1 | at
>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>> nifi-runner_1 | at
>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>> nifi-runner_1 | at
>> java.lang.reflect.Method.invoke(Method.java:498)
>> nifi-runner_1 | at
>> org.springframework.expression.spel.support.ReflectiveMethodExecutor.execute(ReflectiveMethodExecutor.java:117)
>> nifi-runner_1 | at
>> org.springframework.expression.spel.ast.MethodReference.getValueInternal(MethodReference.java:134)
>> nifi-runner_1 | at
>> org.springframework.expression.spel.ast.MethodReference.access$000(MethodReference.java:52)
>> nifi-runner_1 | at
>> org.springframework.expression.spel.ast.MethodReference$MethodValueRef.getValue(MethodReference.java:377)
>> nifi-runner_1 | at
>> org.springframework.expression.spel.ast.CompoundExpression.getValueInternal(CompoundExpression.java:88)
>> nifi-runner_1 | at
>> org.springframework.expression.spel.ast.SpelNodeImpl.getValue(SpelNodeImpl.java:121)
>> nifi-runner_1 | at
>> org.springframework.expression.spel.standard.SpelExpression.getValue(SpelExpression.java:257)
>> nifi-runner_1 | at
>> org.springframework.context.expression.StandardBeanExpressionResolver.evaluate(StandardBeanExpressionResolver.java:160)
>> nifi-runner_1 | ... 57 common frames omitted
>> nifi-runner_1 | Caused by:
>> org.springframework.beans.factory.BeanCreationException: Error creating
>> bean with name 'jwtAuthenticationProvider' defined in class path resource
>> [nifi-web-security-context.xml]: Cannot resolve reference to bean
>> 'authorizer' while setting constructor argument; nested exception is
>> org.springframework.beans.factory.BeanCreationException: Error creating
>> bean with name 'authorizer': FactoryBean threw exception on object
>> creation; nested exception is
>> org.springframework.ldap.OperationNotSupportedException: [LDAP: error code
>> 12 - Unavailable Critical Extension]; nested exception is
>> javax.naming.OperationNotSupportedException: [LDAP: error code 12 -
>> Unavailable Critical Extension]; remaining name 'o=corp.mycompany.com'
>> nifi-runner_1 | at
>> org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:359)
>> nifi-runner_1 | at
>> org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:108)
>>
>> nifi-runner_1 | at
>> org.springframework.beans.factory.support.ConstructorResolver.resolveConstructorArguments(ConstructorResolver.java:634)
>> nifi-runner_1 | at
>> org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:145)
>> nifi-runner_1 | at
>> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:1198)
>> nifi-runner_1 | at
>> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1100)
>> nifi-runner_1 | at
>> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:511)
>> nifi-runner_1 | at
>> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:481)
>> nifi-runner_1 | at
>> org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:312)
>> nifi-runner_1 | at
>> org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
>> nifi-runner_1 | at
>> org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:308)
>> nifi-runner_1 | at
>> org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:202)
>> nifi-runner_1 | at
>> org.springframework.beans.factory.config.DependencyDescriptor.resolveCandidate(DependencyDescriptor.java:208)
>> nifi-runner_1 | at
>> org.springframework.beans.factory.support.DefaultListableBeanFactory.doResolveDependency(DefaultListableBeanFactory.java:1136)
>> nifi-runner_1 | at
>> org.springframework.beans.factory.support.DefaultListableBeanFactory.resolveDependency(DefaultListableBeanFactory.java:1064)
>> nifi-runner_1 | at
>> org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredMethodElement.inject(AutowiredAnnotationBeanPostProcessor.java:658)
>> nifi-runner_1 | ... 81 common frames omitted
>> nifi-runner_1 | Caused by:
>> org.springframework.beans.factory.BeanCreationException: Error creating
>> bean with name 'authorizer': FactoryBean threw exception on object
>> creation; nested exception is
>> org.springframework.ldap.OperationNotSupportedException: [LDAP: error code
>> 12 - Unavailable Critical Extension]; nested exception is
>> javax.naming.OperationNotSupportedException: [LDAP: error code 12 -
>> Unavailable Critical Extension]; remaining name 'o=corp.mycompany.com'
>> nifi-runner_1 | at
>> org.springframework.beans.factory.support.FactoryBeanRegistrySupport.doGetObjectFromFactoryBean(FactoryBeanRegistrySupport.java:185)
>> nifi-runner_1 | at
>> org.springframework.beans.factory.support.FactoryBeanRegistrySupport.getObjectFromFactoryBean(FactoryBeanRegistrySupport.java:103)
>> nifi-runner_1 | at
>> org.springframework.beans.factory.support.AbstractBeanFactory.getObjectForBeanInstance(AbstractBeanFactory.java:1640)
>> nifi-runner_1 | at
>> org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:323)
>> nifi-runner_1 | at
>> org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197)
>> nifi-runner_1 | at
>> org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:351)
>> nifi-runner_1 | ... 96 common frames omitted
>> nifi-runner_1 | Caused by:
>> org.springframework.ldap.OperationNotSupportedException: [LDAP: error code
>> 12 - Unavailable Critical Extension]; nested exception is
>> javax.naming.OperationNotSupportedException: [LDAP: error code 12 -
>> Unavailable Critical Extension]; remaining name 'o=corp.mycompany.com'
>> nifi-runner_1 | at
>> org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:212)
>> nifi-runner_1 | at
>> org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:397)
>> nifi-runner_1 | at
>> org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:328)
>> nifi-runner_1 | at
>> org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:629)
>> nifi-runner_1 | at
>> org.apache.nifi.ldap.tenants.LdapUserGroupProvider.load(LdapUserGroupProvider.java:493)
>> nifi-runner_1 | at
>> org.apache.nifi.ldap.tenants.LdapUserGroupProvider.onConfigured(LdapUserGroupProvider.java:387)
>> nifi-runner_1 | at
>> sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>> nifi-runner_1 | at
>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>> nifi-runner_1 | at
>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>> nifi-runner_1 | at
>> java.lang.reflect.Method.invoke(Method.java:498)
>> nifi-runner_1 | at
>> org.apache.nifi.authorization.UserGroupProviderInvocationHandler.invoke(UserGroupProviderInvocationHandler.java:38)
>> nifi-runner_1 | at com.sun.proxy.$Proxy76.onConfigured(Unknown
>> Source)
>> nifi-runner_1 | at
>> org.apache.nifi.authorization.AuthorizerFactoryBean.getObject(AuthorizerFactoryBean.java:139)
>> nifi-runner_1 | at
>> org.springframework.beans.factory.support.FactoryBeanRegistrySupport.doGetObjectFromFactoryBean(FactoryBeanRegistrySupport.java:178)
>> nifi-runner_1 | ... 101 common frames omitted
>> nifi-runner_1 | Caused by: javax.naming.OperationNotSupportedException:
>> [LDAP: error code 12 - Unavailable Critical Extension]
>> nifi-runner_1 | at
>> com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3214)
>> nifi-runner_1 | at
>> com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3100)
>> nifi-runner_1 | at
>> com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2891)
>> nifi-runner_1 | at
>> com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1846)
>> nifi-runner_1 | at
>> com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1769)
>> nifi-runner_1 | at
>> com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:392)
>> nifi-runner_1 | at
>> com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:358)
>> nifi-runner_1 | at
>> com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:341)
>> nifi-runner_1 | at
>> javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267)
>> nifi-runner_1 | at
>> sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>> nifi-runner_1 | at
>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>> nifi-runner_1 | at
>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>> nifi-runner_1 | at
>> java.lang.reflect.Method.invoke(Method.java:498)
>> nifi-runner_1 | at
>> org.springframework.ldap.core.support.SingleContextSource$NonClosingDirContextInvocationHandler.invoke(SingleContextSource.java:197)
>> nifi-runner_1 | at com.sun.proxy.$Proxy78.search(Unknown Source)
>> nifi-runner_1 | at
>> org.springframework.ldap.core.LdapTemplate$4.executeSearch(LdapTemplate.java:322)
>> nifi-runner_1 | at
>> org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:363)
>> nifi-runner_1 | ... 113 common frames omitted
>>
>>
>> it seems like the LDAP server i'm trying to talk to doesn't support some
>> of the queries i try to send him. But what <am i doing wrong ?
>>
>>
>> My authorizers.xml contains
>> <userGroupProvider>
>> <identifier>ldap-user-group-provider</identifier>
>> <class>org.apache.nifi.ldap.tenants.LdapUserGroupProvider</class>
>> <property name="Authentication Strategy">LDAPS</property>
>> <property name="Manager DN">myserviceaccount</property>
>> <property name="Manager Password">mypassword</property>
>> <property name="TLS - Keystore"></property>
>> <property name="TLS - Keystore Password"></property>
>> <property name="TLS - Keystore Type"></property>
>> <property name="TLS - Truststore">/opt/certs/cacerts.jks</property>
>> <property name="TLS - Truststore Password">changeit</property>
>> <property name="TLS - Truststore Type">JKS</property>
>> <property name="TLS - Client Auth"></property>
>> <property name="TLS - Protocol">TLSv1</property>
>> <property name="TLS - Shutdown Gracefully"></property>
>> <property name="Referral Strategy">FOLLOW</property>
>> <property name="Connect Timeout">10 secs</property>
>> <property name="Read Timeout">10 secs</property>
>> <property name="Url">ldaps://myserver.mycompany.com:636</property>
>> <property name="Page Size">0</property>
>> <property name="Sync Interval">30 mins</property>
>> <property name="User Search Base">o=corp.mycompany.com</property>
>> <property name="User Object Class">privPerson</property>
>> <property name="User Search Scope">SUBTREE</property>
>> <property name="User Search Filter">(&
>> (objectclass=privPerson)(uid={0}))</property>
>> <property name="User Identity Attribute">uid</property>
>> <property name="User Group Name Attribute"></property>
>> <property name="User Group Name Attribute - Referenced Group Attribute"
>> ></property>
>> <property name="Group Search Base"></property>
>> <property name="Group Object Class">group</property>
>> <property name="Group Search Scope">ONE_LEVEL</property>
>> <property name="Group Search Filter"></property>
>> <property name="Group Name Attribute"></property>
>> <property name="Group Member Attribute"></property>
>> <property name="Group Member Attribute - Referenced User Attribute"></
>> property>
>> </userGroupProvider>
>>
>> And my login-identity-providers contains
>>
>>
>> <provider>
>> <identifier>ldap-provider</identifier>
>> <class>org.apache.nifi.ldap.LdapProvider</class>
>> <property name="Authentication Strategy">LDAPS</property>
>> <property name="Manager DN">myserviceaccount</property>
>> <property name="Manager Password">mypassword</property>
>> <property name="TLS - Keystore"></property>
>> <property name="TLS - Keystore Password"></property>
>> <property name="TLS - Keystore Type"></property>
>> <property name="TLS - Truststore">/opt/certs/cacerts.jks</property>
>> <property name="TLS - Truststore Password">changeit</property>
>> <property name="TLS - Truststore Type">JKS</property>
>> <property name="TLS - Client Auth"></property>
>> <property name="TLS - Protocol">TLSv1</property>
>> <property name="TLS - Shutdown Gracefully"></property>
>> <property name="Referral Strategy">FOLLOW</property>
>> <property name="Connect Timeout">10 secs</property>
>> <property name="Read Timeout">10 secs</property>
>> <property name="Url">ldaps://myserver.mycompany.com:636</property>
>> <property name="User Search Base">o=corp.mycompany.com</property>
>> <property name="User Search Filter">(&
>> (objectclass=privPerson)(uid={0}))</property>
>> <property name="Identity Strategy">USE_DN</property>
>> <property name="Authentication Expiration">12 hours</property>
>> </provider>
>>
>>
>> Do you know what I did wrong ?
>>
>>
>> Thanks !
>>
>
Re: ldap auth : error code 12 - Unavailable Critical Extension
Posted by Nicolas Delsaux <ni...@gmx.fr>.
Yes Pierre, I have made sure the organization was correct using another
LDAP browser.
Let me make sure by replaying the involved part of code.
From that stack trace, the deeeper nifi code invocation is
nifi-runner_1 | Caused by:
org.springframework.ldap.OperationNotSupportedException: [LDAP: error
code 12 - Unavailable Critical Extension]; nested exception is
javax.naming.OperationNotSupportedException: [LDAP: error code 12 -
Unavailable Critical Extension]; remaining name 'o=corp.mycompany.com'
nifi-runner_1 | at
org.apache.nifi.ldap.tenants.LdapUserGroupProvider.load(LdapUserGroupProvider.java:493)
nifi-runner_1 | at
org.apache.nifi.ldap.tenants.LdapUserGroupProvider.onConfigured(LdapUserGroupProvider.java:387)
which seems to load user from ldap.
More precisely, the error line seems to be
userList.addAll(ldapTemplate.search(userSearchBase, userFilter.encode(),
userControls, new AbstractContextMapper<User>() {
where
- userSearchBase is "o=corp.mycompany.com"
- userFilter is
(&(objectclass=privPerson)(&(objectclass=privPerson)(uid={0}))) yup, a
redundant condition, so I've changed the search filter
So, after having talked with the LDAP team in mycompany, we finally
discovered the LDAP directory didn't support the paging mechanism
implemented in Nifi. I removed the paging attribute, and it worked !
Le 18/07/2019 à 15:54, Pierre Villard a écrit :
> Hi Nicolas,
>
> It looks like a LDAP issue: LDAP: error code 12 - Unavailable Critical
> Extension.
> Are you sure about the LDAP tree structure you have? is the
> organization correct 'o=corp.mycompany.com <http://corp.mycompany.com/>'?
>
> Thanks,
> Pierre
>
> Le jeu. 18 juil. 2019 à 15:36, Nicolas Delsaux <nicolas.delsaux@gmx.fr
> <ma...@gmx.fr>> a écrit :
>
> Hello,
>
> I'm trying to use LDAP authentication and am having a weird exception
>
>
> nifi-runner_1 | 2019-07-18 13:26:03,076 INFO [main]
> org.eclipse.jetty.server.Server Started @22069ms
> nifi-runner_1 | 2019-07-18 13:26:03,080 WARN [main]
> org.apache.nifi.web.server.JettyServer Failed to start web
> server... shutting down.
> nifi-runner_1 |
> org.springframework.beans.factory.UnsatisfiedDependencyException:
> Error creating bean with name
> 'org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration':
> Unsatisfied dependency expressed through method
> 'setFilterChainProxySecurityConfigurer' parameter 1; nested
> exception is
> org.springframework.beans.factory.BeanExpressionException:
> Expression parsing failed; nested exception is
> org.springframework.beans.factory.UnsatisfiedDependencyException:
> Error creating bean with name
> 'org.apache.nifi.web.NiFiWebApiSecurityConfiguration': Unsatisfied
> dependency expressed through method 'setJwtAuthenticationProvider'
> parameter 0; nested exception is
> org.springframework.beans.factory.BeanCreationException: Error
> creating bean with name 'jwtAuthenticationProvider' defined in
> class path resource [nifi-web-security-context.xml]: Cannot
> resolve reference to bean 'authorizer' while setting constructor
> argument; nested exception is
> org.springframework.beans.factory.BeanCreationException: Error
> creating bean with name 'authorizer': FactoryBean threw exception
> on object creation; nested exception is
> org.springframework.ldap.OperationNotSupportedException: [LDAP:
> error code 12 - Unavailable Critical Extension]; nested exception
> is javax.naming.OperationNotSupportedException: [LDAP: error code
> 12 - Unavailable Critical Extension]; remaining name
> 'o=corp.mycompany.com <http://corp.mycompany.com>'
> nifi-runner_1 | at
> org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredMethodElement.inject(AutowiredAnnotationBeanPostProcessor.java:666)
> nifi-runner_1 | at
> org.springframework.beans.factory.annotation.InjectionMetadata.inject(InjectionMetadata.java:87)
> nifi-runner_1 | at
> org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor.postProcessPropertyValues(AutowiredAnnotationBeanPostProcessor.java:366)
> nifi-runner_1 | at
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1269)
> nifi-runner_1 | at
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:551)
> nifi-runner_1 | at
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:481)
> nifi-runner_1 | at
> org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:312)
> nifi-runner_1 | at
> org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
> nifi-runner_1 | at
> org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:308)
> nifi-runner_1 | at
> org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197)
> nifi-runner_1 | at
> org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:761)
> nifi-runner_1 | at
> org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:867)
>
> nifi-runner_1 | at
> org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:543)
> nifi-runner_1 | at
> org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:443)
> nifi-runner_1 | at
> org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:325)
> nifi-runner_1 | at
> org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:107)
> nifi-runner_1 | at
> org.eclipse.jetty.server.handler.ContextHandler.callContextInitialized(ContextHandler.java:953)
> nifi-runner_1 | at
> org.eclipse.jetty.servlet.ServletContextHandler.callContextInitialized(ServletContextHandler.java:558)
> nifi-runner_1 | at
> org.eclipse.jetty.server.handler.ContextHandler.startContext(ContextHandler.java:918)
> nifi-runner_1 | at
> org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:370)
> nifi-runner_1 | at
> org.eclipse.jetty.webapp.WebAppContext.startWebapp(WebAppContext.java:1497)
> nifi-runner_1 | at
> org.eclipse.jetty.webapp.WebAppContext.startContext(WebAppContext.java:1459)
> nifi-runner_1 | at
> org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:848)
> nifi-runner_1 | at
> org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:287)
> nifi-runner_1 | at
> org.eclipse.jetty.webapp.WebAppContext.doStart(WebAppContext.java:545)
> nifi-runner_1 | at
> org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
> nifi-runner_1 | at
> org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:138)
> nifi-runner_1 | at
> org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117)
> nifi-runner_1 | at
> org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:113)
> nifi-runner_1 | at
> org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
> nifi-runner_1 | at
> org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:138)
> nifi-runner_1 | at
> org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:108)
> nifi-runner_1 | at
> org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:113)
> nifi-runner_1 | at
> org.eclipse.jetty.server.handler.gzip.GzipHandler.doStart(GzipHandler.java:403)
> nifi-runner_1 | at
> org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
> nifi-runner_1 | at
> org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:138)
> nifi-runner_1 | at
> org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117)
> nifi-runner_1 | at
> org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:113)
> nifi-runner_1 | at
> org.eclipse.jetty.server.handler.ContextHandlerCollection.doStart(ContextHandlerCollection.java:167)
> nifi-runner_1 | at
> org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
> nifi-runner_1 | at
> org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:138)
> nifi-runner_1 | at
> org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117)
> nifi-runner_1 | at
> org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:113)
> nifi-runner_1 | at
> org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
> nifi-runner_1 | at
> org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:138)
> nifi-runner_1 | at
> org.eclipse.jetty.server.Server.start(Server.java:419)
> nifi-runner_1 | at
> org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:108)
> nifi-runner_1 | at
> org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:113)
> nifi-runner_1 | at
> org.eclipse.jetty.server.Server.doStart(Server.java:386)
> nifi-runner_1 | at
> org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
> nifi-runner_1 | at
> org.apache.nifi.web.server.JettyServer.start(JettyServer.java:935)
> nifi-runner_1 | at org.apache.nifi.NiFi.<init>(NiFi.java:158)
> nifi-runner_1 | at org.apache.nifi.NiFi.<init>(NiFi.java:72)
> nifi-runner_1 | at org.apache.nifi.NiFi.main(NiFi.java:297)
> nifi-runner_1 | Caused by:
> org.springframework.beans.factory.BeanExpressionException:
> Expression parsing failed; nested exception is
> org.springframework.beans.factory.UnsatisfiedDependencyException:
> Error creating bean with name
> 'org.apache.nifi.web.NiFiWebApiSecurityConfiguration': Unsatisfied
> dependency expressed through method 'setJwtAuthenticationProvider'
> parameter 0; nested exception is
> org.springframework.beans.factory.BeanCreationException: Error
> creating bean with name 'jwtAuthenticationProvider' defined in
> class path resource [nifi-web-security-context.xml]: Cannot
> resolve reference to bean 'authorizer' while setting constructor
> argument; nested exception is
> org.springframework.beans.factory.BeanCreationException: Error
> creating bean with name 'authorizer': FactoryBean threw exception
> on object creation; nested exception is
> org.springframework.ldap.OperationNotSupportedException: [LDAP:
> error code 12 - Unavailable Critical Extension]; nested exception
> is javax.naming.OperationNotSupportedException: [LDAP: error code
> 12 - Unavailable Critical Extension]; remaining name
> 'o=corp.mycompany.com <http://corp.mycompany.com>'
> nifi-runner_1 | at
> org.springframework.context.expression.StandardBeanExpressionResolver.evaluate(StandardBeanExpressionResolver.java:163)
> nifi-runner_1 | at
> org.springframework.beans.factory.support.AbstractBeanFactory.evaluateBeanDefinitionString(AbstractBeanFactory.java:1454)
> nifi-runner_1 | at
> org.springframework.beans.factory.support.DefaultListableBeanFactory.doResolveDependency(DefaultListableBeanFactory.java:1086)
> nifi-runner_1 | at
> org.springframework.beans.factory.support.DefaultListableBeanFactory.resolveDependency(DefaultListableBeanFactory.java:1064)
> nifi-runner_1 | at
> org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredMethodElement.inject(AutowiredAnnotationBeanPostProcessor.java:658)
> nifi-runner_1 | ... 53 common frames omitted
> nifi-runner_1 | Caused by:
> org.springframework.beans.factory.UnsatisfiedDependencyException:
> Error creating bean with name
> 'org.apache.nifi.web.NiFiWebApiSecurityConfiguration': Unsatisfied
> dependency expressed through method 'setJwtAuthenticationProvider'
> parameter 0; nested exception is
> org.springframework.beans.factory.BeanCreationException: Error
> creating bean with name 'jwtAuthenticationProvider' defined in
> class path resource [nifi-web-security-context.xml]: Cannot
> resolve reference to bean 'authorizer' while setting constructor
> argument; nested exception is
> org.springframework.beans.factory.BeanCreationException: Error
> creating bean with name 'authorizer': FactoryBean threw exception
> on object creation; nested exception is
> org.springframework.ldap.OperationNotSupportedException: [LDAP:
> error code 12 - Unavailable Critical Extension]; nested exception
> is javax.naming.OperationNotSupportedException: [LDAP: error code
> 12 - Unavailable Critical Extension]; remaining name
> 'o=corp.mycompany.com <http://corp.mycompany.com>'
> nifi-runner_1 | at
> org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredMethodElement.inject(AutowiredAnnotationBeanPostProcessor.java:666)
> nifi-runner_1 | at
> org.springframework.beans.factory.annotation.InjectionMetadata.inject(InjectionMetadata.java:87)
> nifi-runner_1 | at
> org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor.postProcessPropertyValues(AutowiredAnnotationBeanPostProcessor.java:366)
> nifi-runner_1 | at
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1269)
> nifi-runner_1 | at
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:551)
> nifi-runner_1 | at
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:481)
> nifi-runner_1 | at
> org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:312)
> nifi-runner_1 | at
> org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
> nifi-runner_1 | at
> org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:308)
> nifi-runner_1 | at
> org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:202)
> nifi-runner_1 | at
> org.springframework.beans.factory.support.DefaultListableBeanFactory.getBeansOfType(DefaultListableBeanFactory.java:519)
> nifi-runner_1 | at
> org.springframework.beans.factory.support.DefaultListableBeanFactory.getBeansOfType(DefaultListableBeanFactory.java:508)
> nifi-runner_1 | at
> org.springframework.security.config.annotation.web.configuration.AutowiredWebSecurityConfigurersIgnoreParents.getWebSecurityConfigurers(AutowiredWebSecurityConfigurersIgnoreParents.java:53)
> nifi-runner_1 | at
> sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> nifi-runner_1 | at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> nifi-runner_1 | at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> nifi-runner_1 | at
> java.lang.reflect.Method.invoke(Method.java:498)
> nifi-runner_1 | at
> org.springframework.expression.spel.support.ReflectiveMethodExecutor.execute(ReflectiveMethodExecutor.java:117)
> nifi-runner_1 | at
> org.springframework.expression.spel.ast.MethodReference.getValueInternal(MethodReference.java:134)
> nifi-runner_1 | at
> org.springframework.expression.spel.ast.MethodReference.access$000(MethodReference.java:52)
> nifi-runner_1 | at
> org.springframework.expression.spel.ast.MethodReference$MethodValueRef.getValue(MethodReference.java:377)
> nifi-runner_1 | at
> org.springframework.expression.spel.ast.CompoundExpression.getValueInternal(CompoundExpression.java:88)
> nifi-runner_1 | at
> org.springframework.expression.spel.ast.SpelNodeImpl.getValue(SpelNodeImpl.java:121)
> nifi-runner_1 | at
> org.springframework.expression.spel.standard.SpelExpression.getValue(SpelExpression.java:257)
> nifi-runner_1 | at
> org.springframework.context.expression.StandardBeanExpressionResolver.evaluate(StandardBeanExpressionResolver.java:160)
> nifi-runner_1 | ... 57 common frames omitted
> nifi-runner_1 | Caused by:
> org.springframework.beans.factory.BeanCreationException: Error
> creating bean with name 'jwtAuthenticationProvider' defined in
> class path resource [nifi-web-security-context.xml]: Cannot
> resolve reference to bean 'authorizer' while setting constructor
> argument; nested exception is
> org.springframework.beans.factory.BeanCreationException: Error
> creating bean with name 'authorizer': FactoryBean threw exception
> on object creation; nested exception is
> org.springframework.ldap.OperationNotSupportedException: [LDAP:
> error code 12 - Unavailable Critical Extension]; nested exception
> is javax.naming.OperationNotSupportedException: [LDAP: error code
> 12 - Unavailable Critical Extension]; remaining name
> 'o=corp.mycompany.com <http://corp.mycompany.com>'
> nifi-runner_1 | at
> org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:359)
> nifi-runner_1 | at
> org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:108)
>
> nifi-runner_1 | at
> org.springframework.beans.factory.support.ConstructorResolver.resolveConstructorArguments(ConstructorResolver.java:634)
> nifi-runner_1 | at
> org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:145)
> nifi-runner_1 | at
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:1198)
> nifi-runner_1 | at
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1100)
> nifi-runner_1 | at
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:511)
> nifi-runner_1 | at
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:481)
> nifi-runner_1 | at
> org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:312)
> nifi-runner_1 | at
> org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
> nifi-runner_1 | at
> org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:308)
> nifi-runner_1 | at
> org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:202)
> nifi-runner_1 | at
> org.springframework.beans.factory.config.DependencyDescriptor.resolveCandidate(DependencyDescriptor.java:208)
> nifi-runner_1 | at
> org.springframework.beans.factory.support.DefaultListableBeanFactory.doResolveDependency(DefaultListableBeanFactory.java:1136)
> nifi-runner_1 | at
> org.springframework.beans.factory.support.DefaultListableBeanFactory.resolveDependency(DefaultListableBeanFactory.java:1064)
> nifi-runner_1 | at
> org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredMethodElement.inject(AutowiredAnnotationBeanPostProcessor.java:658)
> nifi-runner_1 | ... 81 common frames omitted
> nifi-runner_1 | Caused by:
> org.springframework.beans.factory.BeanCreationException: Error
> creating bean with name 'authorizer': FactoryBean threw exception
> on object creation; nested exception is
> org.springframework.ldap.OperationNotSupportedException: [LDAP:
> error code 12 - Unavailable Critical Extension]; nested exception
> is javax.naming.OperationNotSupportedException: [LDAP: error code
> 12 - Unavailable Critical Extension]; remaining name
> 'o=corp.mycompany.com <http://corp.mycompany.com>'
> nifi-runner_1 | at
> org.springframework.beans.factory.support.FactoryBeanRegistrySupport.doGetObjectFromFactoryBean(FactoryBeanRegistrySupport.java:185)
> nifi-runner_1 | at
> org.springframework.beans.factory.support.FactoryBeanRegistrySupport.getObjectFromFactoryBean(FactoryBeanRegistrySupport.java:103)
> nifi-runner_1 | at
> org.springframework.beans.factory.support.AbstractBeanFactory.getObjectForBeanInstance(AbstractBeanFactory.java:1640)
> nifi-runner_1 | at
> org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:323)
> nifi-runner_1 | at
> org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197)
> nifi-runner_1 | at
> org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:351)
> nifi-runner_1 | ... 96 common frames omitted
> nifi-runner_1 | Caused by:
> org.springframework.ldap.OperationNotSupportedException: [LDAP:
> error code 12 - Unavailable Critical Extension]; nested exception
> is javax.naming.OperationNotSupportedException: [LDAP: error code
> 12 - Unavailable Critical Extension]; remaining name
> 'o=corp.mycompany.com <http://corp.mycompany.com>'
> nifi-runner_1 | at
> org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:212)
> nifi-runner_1 | at
> org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:397)
> nifi-runner_1 | at
> org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:328)
> nifi-runner_1 | at
> org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:629)
> nifi-runner_1 | at
> org.apache.nifi.ldap.tenants.LdapUserGroupProvider.load(LdapUserGroupProvider.java:493)
> nifi-runner_1 | at
> org.apache.nifi.ldap.tenants.LdapUserGroupProvider.onConfigured(LdapUserGroupProvider.java:387)
> nifi-runner_1 | at
> sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> nifi-runner_1 | at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> nifi-runner_1 | at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> nifi-runner_1 | at
> java.lang.reflect.Method.invoke(Method.java:498)
> nifi-runner_1 | at
> org.apache.nifi.authorization.UserGroupProviderInvocationHandler.invoke(UserGroupProviderInvocationHandler.java:38)
> nifi-runner_1 | at
> com.sun.proxy.$Proxy76.onConfigured(Unknown Source)
> nifi-runner_1 | at
> org.apache.nifi.authorization.AuthorizerFactoryBean.getObject(AuthorizerFactoryBean.java:139)
> nifi-runner_1 | at
> org.springframework.beans.factory.support.FactoryBeanRegistrySupport.doGetObjectFromFactoryBean(FactoryBeanRegistrySupport.java:178)
> nifi-runner_1 | ... 101 common frames omitted
> nifi-runner_1 | Caused by:
> javax.naming.OperationNotSupportedException: [LDAP: error code 12
> - Unavailable Critical Extension]
> nifi-runner_1 | at
> com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3214)
> nifi-runner_1 | at
> com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3100)
> nifi-runner_1 | at
> com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2891)
> nifi-runner_1 | at
> com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1846)
> nifi-runner_1 | at
> com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1769)
> nifi-runner_1 | at
> com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:392)
> nifi-runner_1 | at
> com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:358)
> nifi-runner_1 | at
> com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:341)
> nifi-runner_1 | at
> javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267)
> nifi-runner_1 | at
> sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> nifi-runner_1 | at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> nifi-runner_1 | at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> nifi-runner_1 | at
> java.lang.reflect.Method.invoke(Method.java:498)
> nifi-runner_1 | at
> org.springframework.ldap.core.support.SingleContextSource$NonClosingDirContextInvocationHandler.invoke(SingleContextSource.java:197)
> nifi-runner_1 | at com.sun.proxy.$Proxy78.search(Unknown
> Source)
> nifi-runner_1 | at
> org.springframework.ldap.core.LdapTemplate$4.executeSearch(LdapTemplate.java:322)
> nifi-runner_1 | at
> org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:363)
> nifi-runner_1 | ... 113 common frames omitted
>
>
> it seems like the LDAP server i'm trying to talk to doesn't
> support some of the queries i try to send him. But what <am i
> doing wrong ?
>
>
> My authorizers.xml contains
>
> <userGroupProvider>
> <identifier>ldap-user-group-provider</identifier>
> <class>org.apache.nifi.ldap.tenants.LdapUserGroupProvider</class>
> <propertyname="Authentication Strategy">LDAPS</property>
> <propertyname="Manager DN">myserviceaccount</property>
> <propertyname="Manager Password">mypassword</property>
> <propertyname="TLS - Keystore"></property>
> <propertyname="TLS - Keystore Password"></property>
> <propertyname="TLS - Keystore Type"></property>
> <propertyname="TLS - Truststore">/opt/certs/cacerts.jks</property>
> <propertyname="TLS - Truststore Password">changeit</property>
> <propertyname="TLS - Truststore Type">JKS</property>
> <propertyname="TLS - Client Auth"></property>
> <propertyname="TLS - Protocol">TLSv1</property>
> <propertyname="TLS - Shutdown Gracefully"></property>
> <propertyname="Referral Strategy">FOLLOW</property>
> <propertyname="Connect Timeout">10 secs</property>
> <propertyname="Read Timeout">10 secs</property>
> <propertyname="Url">ldaps://myserver.mycompany.com:636</property>
> <propertyname="Page Size">0</property>
> <propertyname="Sync Interval">30 mins</property>
> <propertyname="User Search Base">o=corp.mycompany.com
> <http://corp.mycompany.com></property>
> <propertyname="User Object Class">privPerson</property>
> <propertyname="User Search Scope">SUBTREE</property>
> <propertyname="User Search
> Filter">(&(objectclass=privPerson)(uid={0}))</property>
> <propertyname="User Identity Attribute">uid</property>
> <propertyname="User Group Name Attribute"></property>
> <propertyname="User Group Name Attribute - Referenced Group
> Attribute"></property>
> <propertyname="Group Search Base"></property>
> <propertyname="Group Object Class">group</property>
> <propertyname="Group Search Scope">ONE_LEVEL</property>
> <propertyname="Group Search Filter"></property>
> <propertyname="Group Name Attribute"></property>
> <propertyname="Group Member Attribute"></property>
> <propertyname="Group Member Attribute - Referenced User
> Attribute"></property>
> </userGroupProvider>
>
> And my login-identity-providers contains
>
>
> <provider>
> <identifier>ldap-provider</identifier>
> <class>org.apache.nifi.ldap.LdapProvider</class>
> <propertyname="Authentication Strategy">LDAPS</property>
> <propertyname="Manager DN">myserviceaccount</property>
> <propertyname="Manager Password">mypassword</property>
> <propertyname="TLS - Keystore"></property>
> <propertyname="TLS - Keystore Password"></property>
> <propertyname="TLS - Keystore Type"></property>
> <propertyname="TLS - Truststore">/opt/certs/cacerts.jks</property>
> <propertyname="TLS - Truststore Password">changeit</property>
> <propertyname="TLS - Truststore Type">JKS</property>
> <propertyname="TLS - Client Auth"></property>
> <propertyname="TLS - Protocol">TLSv1</property>
> <propertyname="TLS - Shutdown Gracefully"></property>
> <propertyname="Referral Strategy">FOLLOW</property>
> <propertyname="Connect Timeout">10 secs</property>
> <propertyname="Read Timeout">10 secs</property>
> <propertyname="Url">ldaps://myserver.mycompany.com:636</property>
> <propertyname="User Search Base">o=corp.mycompany.com
> <http://corp.mycompany.com></property>
> <propertyname="User Search
> Filter">(&(objectclass=privPerson)(uid={0}))</property>
> <propertyname="Identity Strategy">USE_DN</property>
> <propertyname="Authentication Expiration">12 hours</property>
> </provider>
>
>
> Do you know what I did wrong ?
>
>
> Thanks !
>
Re: ldap auth : error code 12 - Unavailable Critical Extension
Posted by Pierre Villard <pi...@gmail.com>.
Hi Nicolas,
It looks like a LDAP issue: LDAP: error code 12 - Unavailable Critical
Extension.
Are you sure about the LDAP tree structure you have? is the organization
correct 'o=corp.mycompany.com'?
Thanks,
Pierre
Le jeu. 18 juil. 2019 à 15:36, Nicolas Delsaux <ni...@gmx.fr> a
écrit :
> Hello,
>
> I'm trying to use LDAP authentication and am having a weird exception
>
>
> nifi-runner_1 | 2019-07-18 13:26:03,076 INFO [main]
> org.eclipse.jetty.server.Server Started @22069ms
> nifi-runner_1 | 2019-07-18 13:26:03,080 WARN [main]
> org.apache.nifi.web.server.JettyServer Failed to start web server...
> shutting down.
> nifi-runner_1 |
> org.springframework.beans.factory.UnsatisfiedDependencyException: Error
> creating bean with name
> 'org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration':
> Unsatisfied dependency expressed through method
> 'setFilterChainProxySecurityConfigurer' parameter 1; nested exception is
> org.springframework.beans.factory.BeanExpressionException: Expression
> parsing failed; nested exception is
> org.springframework.beans.factory.UnsatisfiedDependencyException: Error
> creating bean with name
> 'org.apache.nifi.web.NiFiWebApiSecurityConfiguration': Unsatisfied
> dependency expressed through method 'setJwtAuthenticationProvider'
> parameter 0; nested exception is
> org.springframework.beans.factory.BeanCreationException: Error creating
> bean with name 'jwtAuthenticationProvider' defined in class path resource
> [nifi-web-security-context.xml]: Cannot resolve reference to bean
> 'authorizer' while setting constructor argument; nested exception is
> org.springframework.beans.factory.BeanCreationException: Error creating
> bean with name 'authorizer': FactoryBean threw exception on object
> creation; nested exception is
> org.springframework.ldap.OperationNotSupportedException: [LDAP: error code
> 12 - Unavailable Critical Extension]; nested exception is
> javax.naming.OperationNotSupportedException: [LDAP: error code 12 -
> Unavailable Critical Extension]; remaining name 'o=corp.mycompany.com'
> nifi-runner_1 | at
> org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredMethodElement.inject(AutowiredAnnotationBeanPostProcessor.java:666)
> nifi-runner_1 | at
> org.springframework.beans.factory.annotation.InjectionMetadata.inject(InjectionMetadata.java:87)
> nifi-runner_1 | at
> org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor.postProcessPropertyValues(AutowiredAnnotationBeanPostProcessor.java:366)
> nifi-runner_1 | at
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1269)
> nifi-runner_1 | at
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:551)
> nifi-runner_1 | at
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:481)
> nifi-runner_1 | at
> org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:312)
> nifi-runner_1 | at
> org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
> nifi-runner_1 | at
> org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:308)
> nifi-runner_1 | at
> org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197)
> nifi-runner_1 | at
> org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:761)
> nifi-runner_1 | at
> org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:867)
>
> nifi-runner_1 | at
> org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:543)
> nifi-runner_1 | at
> org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:443)
> nifi-runner_1 | at
> org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:325)
> nifi-runner_1 | at
> org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:107)
> nifi-runner_1 | at
> org.eclipse.jetty.server.handler.ContextHandler.callContextInitialized(ContextHandler.java:953)
> nifi-runner_1 | at
> org.eclipse.jetty.servlet.ServletContextHandler.callContextInitialized(ServletContextHandler.java:558)
> nifi-runner_1 | at
> org.eclipse.jetty.server.handler.ContextHandler.startContext(ContextHandler.java:918)
> nifi-runner_1 | at
> org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:370)
> nifi-runner_1 | at
> org.eclipse.jetty.webapp.WebAppContext.startWebapp(WebAppContext.java:1497)
> nifi-runner_1 | at
> org.eclipse.jetty.webapp.WebAppContext.startContext(WebAppContext.java:1459)
> nifi-runner_1 | at
> org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:848)
> nifi-runner_1 | at
> org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:287)
> nifi-runner_1 | at
> org.eclipse.jetty.webapp.WebAppContext.doStart(WebAppContext.java:545)
> nifi-runner_1 | at
> org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
> nifi-runner_1 | at
> org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:138)
> nifi-runner_1 | at
> org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117)
> nifi-runner_1 | at
> org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:113)
> nifi-runner_1 | at
> org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
> nifi-runner_1 | at
> org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:138)
> nifi-runner_1 | at
> org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:108)
> nifi-runner_1 | at
> org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:113)
> nifi-runner_1 | at
> org.eclipse.jetty.server.handler.gzip.GzipHandler.doStart(GzipHandler.java:403)
> nifi-runner_1 | at
> org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
> nifi-runner_1 | at
> org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:138)
> nifi-runner_1 | at
> org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117)
> nifi-runner_1 | at
> org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:113)
> nifi-runner_1 | at
> org.eclipse.jetty.server.handler.ContextHandlerCollection.doStart(ContextHandlerCollection.java:167)
> nifi-runner_1 | at
> org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
> nifi-runner_1 | at
> org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:138)
> nifi-runner_1 | at
> org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117)
> nifi-runner_1 | at
> org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:113)
> nifi-runner_1 | at
> org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
> nifi-runner_1 | at
> org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:138)
> nifi-runner_1 | at
> org.eclipse.jetty.server.Server.start(Server.java:419)
> nifi-runner_1 | at
> org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:108)
> nifi-runner_1 | at
> org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:113)
> nifi-runner_1 | at
> org.eclipse.jetty.server.Server.doStart(Server.java:386)
> nifi-runner_1 | at
> org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
> nifi-runner_1 | at
> org.apache.nifi.web.server.JettyServer.start(JettyServer.java:935)
> nifi-runner_1 | at org.apache.nifi.NiFi.<init>(NiFi.java:158)
> nifi-runner_1 | at org.apache.nifi.NiFi.<init>(NiFi.java:72)
> nifi-runner_1 | at org.apache.nifi.NiFi.main(NiFi.java:297)
> nifi-runner_1 | Caused by:
> org.springframework.beans.factory.BeanExpressionException: Expression
> parsing failed; nested exception is
> org.springframework.beans.factory.UnsatisfiedDependencyException: Error
> creating bean with name
> 'org.apache.nifi.web.NiFiWebApiSecurityConfiguration': Unsatisfied
> dependency expressed through method 'setJwtAuthenticationProvider'
> parameter 0; nested exception is
> org.springframework.beans.factory.BeanCreationException: Error creating
> bean with name 'jwtAuthenticationProvider' defined in class path resource
> [nifi-web-security-context.xml]: Cannot resolve reference to bean
> 'authorizer' while setting constructor argument; nested exception is
> org.springframework.beans.factory.BeanCreationException: Error creating
> bean with name 'authorizer': FactoryBean threw exception on object
> creation; nested exception is
> org.springframework.ldap.OperationNotSupportedException: [LDAP: error code
> 12 - Unavailable Critical Extension]; nested exception is
> javax.naming.OperationNotSupportedException: [LDAP: error code 12 -
> Unavailable Critical Extension]; remaining name 'o=corp.mycompany.com'
> nifi-runner_1 | at
> org.springframework.context.expression.StandardBeanExpressionResolver.evaluate(StandardBeanExpressionResolver.java:163)
> nifi-runner_1 | at
> org.springframework.beans.factory.support.AbstractBeanFactory.evaluateBeanDefinitionString(AbstractBeanFactory.java:1454)
> nifi-runner_1 | at
> org.springframework.beans.factory.support.DefaultListableBeanFactory.doResolveDependency(DefaultListableBeanFactory.java:1086)
> nifi-runner_1 | at
> org.springframework.beans.factory.support.DefaultListableBeanFactory.resolveDependency(DefaultListableBeanFactory.java:1064)
> nifi-runner_1 | at
> org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredMethodElement.inject(AutowiredAnnotationBeanPostProcessor.java:658)
> nifi-runner_1 | ... 53 common frames omitted
> nifi-runner_1 | Caused by:
> org.springframework.beans.factory.UnsatisfiedDependencyException: Error
> creating bean with name
> 'org.apache.nifi.web.NiFiWebApiSecurityConfiguration': Unsatisfied
> dependency expressed through method 'setJwtAuthenticationProvider'
> parameter 0; nested exception is
> org.springframework.beans.factory.BeanCreationException: Error creating
> bean with name 'jwtAuthenticationProvider' defined in class path resource
> [nifi-web-security-context.xml]: Cannot resolve reference to bean
> 'authorizer' while setting constructor argument; nested exception is
> org.springframework.beans.factory.BeanCreationException: Error creating
> bean with name 'authorizer': FactoryBean threw exception on object
> creation; nested exception is
> org.springframework.ldap.OperationNotSupportedException: [LDAP: error code
> 12 - Unavailable Critical Extension]; nested exception is
> javax.naming.OperationNotSupportedException: [LDAP: error code 12 -
> Unavailable Critical Extension]; remaining name 'o=corp.mycompany.com'
> nifi-runner_1 | at
> org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredMethodElement.inject(AutowiredAnnotationBeanPostProcessor.java:666)
> nifi-runner_1 | at
> org.springframework.beans.factory.annotation.InjectionMetadata.inject(InjectionMetadata.java:87)
> nifi-runner_1 | at
> org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor.postProcessPropertyValues(AutowiredAnnotationBeanPostProcessor.java:366)
> nifi-runner_1 | at
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1269)
> nifi-runner_1 | at
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:551)
> nifi-runner_1 | at
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:481)
> nifi-runner_1 | at
> org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:312)
> nifi-runner_1 | at
> org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
> nifi-runner_1 | at
> org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:308)
> nifi-runner_1 | at
> org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:202)
> nifi-runner_1 | at
> org.springframework.beans.factory.support.DefaultListableBeanFactory.getBeansOfType(DefaultListableBeanFactory.java:519)
> nifi-runner_1 | at
> org.springframework.beans.factory.support.DefaultListableBeanFactory.getBeansOfType(DefaultListableBeanFactory.java:508)
> nifi-runner_1 | at
> org.springframework.security.config.annotation.web.configuration.AutowiredWebSecurityConfigurersIgnoreParents.getWebSecurityConfigurers(AutowiredWebSecurityConfigurersIgnoreParents.java:53)
> nifi-runner_1 | at
> sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> nifi-runner_1 | at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> nifi-runner_1 | at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> nifi-runner_1 | at java.lang.reflect.Method.invoke(Method.java:498)
> nifi-runner_1 | at
> org.springframework.expression.spel.support.ReflectiveMethodExecutor.execute(ReflectiveMethodExecutor.java:117)
> nifi-runner_1 | at
> org.springframework.expression.spel.ast.MethodReference.getValueInternal(MethodReference.java:134)
> nifi-runner_1 | at
> org.springframework.expression.spel.ast.MethodReference.access$000(MethodReference.java:52)
> nifi-runner_1 | at
> org.springframework.expression.spel.ast.MethodReference$MethodValueRef.getValue(MethodReference.java:377)
> nifi-runner_1 | at
> org.springframework.expression.spel.ast.CompoundExpression.getValueInternal(CompoundExpression.java:88)
> nifi-runner_1 | at
> org.springframework.expression.spel.ast.SpelNodeImpl.getValue(SpelNodeImpl.java:121)
> nifi-runner_1 | at
> org.springframework.expression.spel.standard.SpelExpression.getValue(SpelExpression.java:257)
> nifi-runner_1 | at
> org.springframework.context.expression.StandardBeanExpressionResolver.evaluate(StandardBeanExpressionResolver.java:160)
> nifi-runner_1 | ... 57 common frames omitted
> nifi-runner_1 | Caused by:
> org.springframework.beans.factory.BeanCreationException: Error creating
> bean with name 'jwtAuthenticationProvider' defined in class path resource
> [nifi-web-security-context.xml]: Cannot resolve reference to bean
> 'authorizer' while setting constructor argument; nested exception is
> org.springframework.beans.factory.BeanCreationException: Error creating
> bean with name 'authorizer': FactoryBean threw exception on object
> creation; nested exception is
> org.springframework.ldap.OperationNotSupportedException: [LDAP: error code
> 12 - Unavailable Critical Extension]; nested exception is
> javax.naming.OperationNotSupportedException: [LDAP: error code 12 -
> Unavailable Critical Extension]; remaining name 'o=corp.mycompany.com'
> nifi-runner_1 | at
> org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:359)
> nifi-runner_1 | at
> org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:108)
>
> nifi-runner_1 | at
> org.springframework.beans.factory.support.ConstructorResolver.resolveConstructorArguments(ConstructorResolver.java:634)
> nifi-runner_1 | at
> org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:145)
> nifi-runner_1 | at
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:1198)
> nifi-runner_1 | at
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1100)
> nifi-runner_1 | at
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:511)
> nifi-runner_1 | at
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:481)
> nifi-runner_1 | at
> org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:312)
> nifi-runner_1 | at
> org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
> nifi-runner_1 | at
> org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:308)
> nifi-runner_1 | at
> org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:202)
> nifi-runner_1 | at
> org.springframework.beans.factory.config.DependencyDescriptor.resolveCandidate(DependencyDescriptor.java:208)
> nifi-runner_1 | at
> org.springframework.beans.factory.support.DefaultListableBeanFactory.doResolveDependency(DefaultListableBeanFactory.java:1136)
> nifi-runner_1 | at
> org.springframework.beans.factory.support.DefaultListableBeanFactory.resolveDependency(DefaultListableBeanFactory.java:1064)
> nifi-runner_1 | at
> org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredMethodElement.inject(AutowiredAnnotationBeanPostProcessor.java:658)
> nifi-runner_1 | ... 81 common frames omitted
> nifi-runner_1 | Caused by:
> org.springframework.beans.factory.BeanCreationException: Error creating
> bean with name 'authorizer': FactoryBean threw exception on object
> creation; nested exception is
> org.springframework.ldap.OperationNotSupportedException: [LDAP: error code
> 12 - Unavailable Critical Extension]; nested exception is
> javax.naming.OperationNotSupportedException: [LDAP: error code 12 -
> Unavailable Critical Extension]; remaining name 'o=corp.mycompany.com'
> nifi-runner_1 | at
> org.springframework.beans.factory.support.FactoryBeanRegistrySupport.doGetObjectFromFactoryBean(FactoryBeanRegistrySupport.java:185)
> nifi-runner_1 | at
> org.springframework.beans.factory.support.FactoryBeanRegistrySupport.getObjectFromFactoryBean(FactoryBeanRegistrySupport.java:103)
> nifi-runner_1 | at
> org.springframework.beans.factory.support.AbstractBeanFactory.getObjectForBeanInstance(AbstractBeanFactory.java:1640)
> nifi-runner_1 | at
> org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:323)
> nifi-runner_1 | at
> org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197)
> nifi-runner_1 | at
> org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:351)
> nifi-runner_1 | ... 96 common frames omitted
> nifi-runner_1 | Caused by:
> org.springframework.ldap.OperationNotSupportedException: [LDAP: error code
> 12 - Unavailable Critical Extension]; nested exception is
> javax.naming.OperationNotSupportedException: [LDAP: error code 12 -
> Unavailable Critical Extension]; remaining name 'o=corp.mycompany.com'
> nifi-runner_1 | at
> org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:212)
> nifi-runner_1 | at
> org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:397)
> nifi-runner_1 | at
> org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:328)
> nifi-runner_1 | at
> org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:629)
> nifi-runner_1 | at
> org.apache.nifi.ldap.tenants.LdapUserGroupProvider.load(LdapUserGroupProvider.java:493)
> nifi-runner_1 | at
> org.apache.nifi.ldap.tenants.LdapUserGroupProvider.onConfigured(LdapUserGroupProvider.java:387)
> nifi-runner_1 | at
> sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> nifi-runner_1 | at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> nifi-runner_1 | at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> nifi-runner_1 | at java.lang.reflect.Method.invoke(Method.java:498)
> nifi-runner_1 | at
> org.apache.nifi.authorization.UserGroupProviderInvocationHandler.invoke(UserGroupProviderInvocationHandler.java:38)
> nifi-runner_1 | at com.sun.proxy.$Proxy76.onConfigured(Unknown
> Source)
> nifi-runner_1 | at
> org.apache.nifi.authorization.AuthorizerFactoryBean.getObject(AuthorizerFactoryBean.java:139)
> nifi-runner_1 | at
> org.springframework.beans.factory.support.FactoryBeanRegistrySupport.doGetObjectFromFactoryBean(FactoryBeanRegistrySupport.java:178)
> nifi-runner_1 | ... 101 common frames omitted
> nifi-runner_1 | Caused by: javax.naming.OperationNotSupportedException:
> [LDAP: error code 12 - Unavailable Critical Extension]
> nifi-runner_1 | at
> com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3214)
> nifi-runner_1 | at
> com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3100)
> nifi-runner_1 | at
> com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2891)
> nifi-runner_1 | at
> com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1846)
> nifi-runner_1 | at
> com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1769)
> nifi-runner_1 | at
> com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:392)
> nifi-runner_1 | at
> com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:358)
> nifi-runner_1 | at
> com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:341)
> nifi-runner_1 | at
> javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267)
> nifi-runner_1 | at
> sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> nifi-runner_1 | at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> nifi-runner_1 | at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> nifi-runner_1 | at java.lang.reflect.Method.invoke(Method.java:498)
> nifi-runner_1 | at
> org.springframework.ldap.core.support.SingleContextSource$NonClosingDirContextInvocationHandler.invoke(SingleContextSource.java:197)
> nifi-runner_1 | at com.sun.proxy.$Proxy78.search(Unknown Source)
> nifi-runner_1 | at
> org.springframework.ldap.core.LdapTemplate$4.executeSearch(LdapTemplate.java:322)
> nifi-runner_1 | at
> org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:363)
> nifi-runner_1 | ... 113 common frames omitted
>
>
> it seems like the LDAP server i'm trying to talk to doesn't support some
> of the queries i try to send him. But what <am i doing wrong ?
>
>
> My authorizers.xml contains
> <userGroupProvider>
> <identifier>ldap-user-group-provider</identifier>
> <class>org.apache.nifi.ldap.tenants.LdapUserGroupProvider</class>
> <property name="Authentication Strategy">LDAPS</property>
> <property name="Manager DN">myserviceaccount</property>
> <property name="Manager Password">mypassword</property>
> <property name="TLS - Keystore"></property>
> <property name="TLS - Keystore Password"></property>
> <property name="TLS - Keystore Type"></property>
> <property name="TLS - Truststore">/opt/certs/cacerts.jks</property>
> <property name="TLS - Truststore Password">changeit</property>
> <property name="TLS - Truststore Type">JKS</property>
> <property name="TLS - Client Auth"></property>
> <property name="TLS - Protocol">TLSv1</property>
> <property name="TLS - Shutdown Gracefully"></property>
> <property name="Referral Strategy">FOLLOW</property>
> <property name="Connect Timeout">10 secs</property>
> <property name="Read Timeout">10 secs</property>
> <property name="Url">ldaps://myserver.mycompany.com:636</property>
> <property name="Page Size">0</property>
> <property name="Sync Interval">30 mins</property>
> <property name="User Search Base">o=corp.mycompany.com</property>
> <property name="User Object Class">privPerson</property>
> <property name="User Search Scope">SUBTREE</property>
> <property name="User Search Filter">(&
> (objectclass=privPerson)(uid={0}))</property>
> <property name="User Identity Attribute">uid</property>
> <property name="User Group Name Attribute"></property>
> <property name="User Group Name Attribute - Referenced Group Attribute"></
> property>
> <property name="Group Search Base"></property>
> <property name="Group Object Class">group</property>
> <property name="Group Search Scope">ONE_LEVEL</property>
> <property name="Group Search Filter"></property>
> <property name="Group Name Attribute"></property>
> <property name="Group Member Attribute"></property>
> <property name="Group Member Attribute - Referenced User Attribute"></
> property>
> </userGroupProvider>
>
> And my login-identity-providers contains
>
>
> <provider>
> <identifier>ldap-provider</identifier>
> <class>org.apache.nifi.ldap.LdapProvider</class>
> <property name="Authentication Strategy">LDAPS</property>
> <property name="Manager DN">myserviceaccount</property>
> <property name="Manager Password">mypassword</property>
> <property name="TLS - Keystore"></property>
> <property name="TLS - Keystore Password"></property>
> <property name="TLS - Keystore Type"></property>
> <property name="TLS - Truststore">/opt/certs/cacerts.jks</property>
> <property name="TLS - Truststore Password">changeit</property>
> <property name="TLS - Truststore Type">JKS</property>
> <property name="TLS - Client Auth"></property>
> <property name="TLS - Protocol">TLSv1</property>
> <property name="TLS - Shutdown Gracefully"></property>
> <property name="Referral Strategy">FOLLOW</property>
> <property name="Connect Timeout">10 secs</property>
> <property name="Read Timeout">10 secs</property>
> <property name="Url">ldaps://myserver.mycompany.com:636</property>
> <property name="User Search Base">o=corp.mycompany.com</property>
> <property name="User Search Filter">(&
> (objectclass=privPerson)(uid={0}))</property>
> <property name="Identity Strategy">USE_DN</property>
> <property name="Authentication Expiration">12 hours</property>
> </provider>
>
>
> Do you know what I did wrong ?
>
>
> Thanks !
>