nifi-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nikhil Chaudhary <nik...@acommerce.asia>
Subject Re: LDAP Users & Group Sync
Date Mon, 19 Feb 2018 03:18:22 GMT
Hi Kevin,

Noted and thank you very much.

Best Regards,
Nick

On 18 Feb 2018 21:29 +0700, Kevin Doran <kdoran@apache.org>, wrote:
> Hi Nick,
>
> Just wanted to shoot you a quick note mentioning that this issue was resolved in NiFi
1.5.0 which was released in January. If/when you upgrade, be sure to change your configuration
from 120ms to 120s (or whatever time interval you prefer to use, it will work correctly now).
There is a guard in place that will protect users upgrading who were using the workaround
of setting a tiny (sub-second) sync interval, but that will just prevent startup with an error
message. You’ll need to change your authorizers.xml sync interval to be longer to get past
that sanity check.
>
> Regards,
> Kevin
>
> From: Nikhil Chaudhary <nikhil@acommerce.asia>
> Reply-To: <users@nifi.apache.org>
> Date: Friday, December 8, 2017 at 02:23
> To: <users@nifi.apache.org>
> Subject: Re: LDAP Users & Group Sync
>
> Hi Kevin,
>
> Changing that directly into milliseconds (120 ms) worked perfectly and the LDAP group
and users synced as expected.
>
> Thank You.
>
> Cheers,
> Nick
>
> On 8 Dec 2017 11:59 +0700, Kevin Doran <kdoran.apache@gmail.com>, wrote:
>
> > Hi Nikhil,
> >
> > I haven't heard of this issue before. Looking at the NiFi code that is interpreting
the sync interval property from authorizers.xml [1], I think you may have come across a bug.
> >
> > With just looking at the code, and not having tried to reproduce the issue, it appears
to me that the sync interval is not being converted correctly in the block of code that processes
the XML and schedules a background task to perform the sync. Specifically, it appears the
configured value is read into a variable and normalized to *milliseconds*, but then passed
into a function as *seconds* without value conversion. So in your case, that would mean this
is happening:
> >
> > 2 minutes -> 120,000 milliseconds -> 120,000 seconds
> >
> > If I'm correct, that would certainly explain why you aren't seeing synchronizations
happening!
> >
> > I've filed a JIRA bug report [2]. I want to confirm the issue and the fix by attempting
to reproduce it, after which I can submit a patch to fix this in the next regular NiFi release.
> >
> > In the meantime, can you try this workaround in your authorizers.xml:
> >
> > <!— A bug (see NIFI-4677) in versions <= 1.4.0 causes this field to be off
by a factor of 1000,
> > so this is actually specifying an interval of 120 seconds, not 120 milliseconds.
--
> > <property name="Sync Interval">120 ms</property
> >
> > Let me know if that does not work, in which case we can dig into it further. Thanks
for bringing this issue to everyone's attention!
> >
> > Kevin
> >
> > [1] https://github.com/apache/nifi/blob/master/nifi-nar-bundles/nifi-ldap-iaa-providers-bundle/nifi-ldap-iaa-providers/src/main/java/org/apache/nifi/ldap/tenants/LdapUserGroupProvider.java#L365
> > [2] https://issues.apache.org/jira/browse/NIFI-4677
> >
> > On 12/7/17, 22:31, "Nikhil Chaudhary" <nikhil@acommerce.asia> wrote:
> >
> > Hey Guys,
> >
> > We’re trying to get NiFi synced to our LDAP directory and the initial sync happens
successfully, however any changes made within LDAP (adding another group to an existing user)
does not get synced unless we restart NiFi.
> >
> > Tried to set the Sync Interval to 2 mins in the authorizers.xml file but still nothing.
> >
> > Is there any other place we need to set the sync interval or something else that
needs to be done for the sync to happen?
> >
> > Thank You.
> >
> > Cheers,
> > Nick
> >
> >
> >

Mime
View raw message