Kevin Doran created NIFI-4677:
---------------------------------
Summary: LdapUserGroupProvider Sync Interval property conversion
error
Key: NIFI-4677
URL: https://issues.apache.org/jira/browse/NIFI-4677
Project: Apache NiFi
Issue Type: Bug
Affects Versions: 1.4.0
Reporter: Kevin Doran
LdapUserGroupProvider, which was added in version 1.4.0, allows users to sync
NiFi users and groups with an LDAP server. This is configured in
authorizers.xml, and one of the configuration properties is Sync Interval,
which allows and admin to specify the interval on which NiFi should poll the
LDAP server to refresh its local copy of users and groups.
A logic bug in time units conversions is inadvertently treating milliseconds as
seconds, meaning the sync interval that will actually be scheduled will be
1000x the user-configured value.
Here is a code snippet from
[LdapUserGroupProvider.java|https://github.com/apache/nifi/blob/rel/nifi-1.4.0/nifi-nar-bundles/nifi-ldap-iaa-providers-bundle/nifi-ldap-iaa-providers/src/main/java/org/apache/nifi/ldap/tenants/LdapUserGroupProvider.java#L349]:
{code:java}
final PropertyValue rawSyncInterval =
configurationContext.getProperty(PROP_SYNC_INTERVAL);
//...
syncInterval = FormatUtils.getTimeDuration(rawSyncInterval.getValue(),
TimeUnit.MILLISECONDS);
//...
// schedule the background thread to load the users/groups
ldapSync.scheduleWithFixedDelay(() -> load(context), syncInterval,
syncInterval, TimeUnit.SECONDS);
{code}
The fix should be very simple: simply change the TimeUnits of syncInterval.
In the meantime, for users impacted by this known issue, a workaround is to
scale the value set in the Sync Interval property by 1/1000.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
