Uploaded image for project: 'Apache NiFi'
  1. Apache NiFi
  2. NIFI-4677

LdapUserGroupProvider Sync Interval property conversion error

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.4.0
    • Fix Version/s: 1.5.0
    • Component/s: None
    • Labels:
      None

      Description

      LdapUserGroupProvider, which was added in version 1.4.0, allows users to sync NiFi users and groups with an LDAP server. This is configured in authorizers.xml, and one of the configuration properties is Sync Interval, which allows and admin to specify the interval on which NiFi should poll the LDAP server to refresh its local copy of users and groups.

      A logic bug in time units conversions is inadvertently treating milliseconds as seconds, meaning the sync interval that will actually be scheduled will be 1000x the user-configured value.

      Here is a code snippet from LdapUserGroupProvider.java:

      final PropertyValue rawSyncInterval = configurationContext.getProperty(PROP_SYNC_INTERVAL);
      //...        
      syncInterval = FormatUtils.getTimeDuration(rawSyncInterval.getValue(), TimeUnit.MILLISECONDS);
      //...
      // schedule the background thread to load the users/groups
      ldapSync.scheduleWithFixedDelay(() -> load(context), syncInterval, syncInterval, TimeUnit.SECONDS);
      

      The fix should be very simple: simply change the TimeUnits of syncInterval.

      In the meantime, for users impacted by this known issue, a workaround is to scale the value set in the Sync Interval property by 1/1000.

        Attachments

          Activity

            People

            • Assignee:
              kdoran Kevin Doran
              Reporter:
              kdoran Kevin Doran
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: