Details
- Bug
- Status: Resolved
- Major
- Resolution: Resolved
- 1.8.0
- None
- None
- 3 nodes in a secure cluster on CentOS 7 connecting to a MS AD via ldap configuration
- Important
Description
If the connection to LDAP is lost, the ldap-user-group-provider - background sync thread dies, and NiFi stops syncing and getting updates from LDAP.
The nodes are configured for LDAP and import all users and groups based on filter and base search. Users and groups are joined according to configuration. If users are added to or removed from groups, the sync process updates NiFi until the sync process dies because of a network timeout.
Debugging: adding "org.apache.nifi.ldap" to logback.xml does not help much. The only information is warnings when a group has a member and that user is not imported.
WARN [ (ldap-user-group-provider) - background sync thread] org.apache.nifi.ldap.tenants.LdapUserGroupProvider cn=superusers,ou=nifi01,ou=NiFiClusters,dc=example,dc=net contains member uid=user01,ou=people,dc=example,dc=net but that user was not found while searching users. Ignoring group membership.
Adding "org.springframework.ldap" to the logback.xml file gives some information every time there is a background sync.
In my configuration I set the Sync Interval to 1 min (authorizers.xml). I verified the debug logs for the background sync, and after some time I removed the connection to LDAP. From then on I can't find any debug information about the LDAP sync. Even if I re-establish the connection, there is no more debug information and no LDAP sync.
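Added example, not part of the original report and not NiFi code: a log check that flags the condition described above, where the background sync thread goes silent while the rest of NiFi keeps logging, so group changes in AD no longer reach NiFi. It assumes log lines start with a `YYYY-MM-DD HH:MM:SS,mmm` timestamp and that debug logging for the sync is enabled; the sample lines and the `missed` threshold are constructed.

```python
import re
from datetime import datetime, timedelta

# Thread name taken from the WARN line quoted in the report.
SYNC_THREAD = "(ldap-user-group-provider) - background sync thread"
# Assumed layout: "YYYY-MM-DD HH:MM:SS,mmm LEVEL [thread] logger message".
LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\d{3} \w+\s+\[(.*?)\]")

# Constructed sample lines (timestamps, messages and non-LDAP loggers are invented).
SAMPLE = """\
2018-11-20 10:00:00,101 DEBUG [ (ldap-user-group-provider) - background sync thread] org.springframework.ldap.core.LdapTemplate constructed message
2018-11-20 10:01:00,102 WARN [ (ldap-user-group-provider) - background sync thread] org.apache.nifi.ldap.tenants.LdapUserGroupProvider constructed message
2018-11-20 10:02:00,150 DEBUG [ (ldap-user-group-provider) - background sync thread] org.springframework.ldap.core.LdapTemplate constructed message
2018-11-20 10:03:30,000 INFO [main] constructed.other.Logger unrelated activity
2018-11-20 10:09:00,000 INFO [Timer-Driven Process Thread-1] constructed.other.Logger unrelated activity
""".splitlines()

def sync_status(lines, sync_interval=timedelta(minutes=1), missed=3):
    """Return (state, last_sync, newest) where state is ok, stalled or unknown."""
    last_sync = newest = None
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # continuation line, e.g. part of a stack trace
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        newest = ts if newest is None else max(newest, ts)
        if SYNC_THREAD in m.group(2):
            last_sync = ts if last_sync is None else max(last_sync, ts)
    if last_sync is None:
        # No sync-thread lines at all: logging may not be enabled, so do not guess.
        return "unknown", None, newest
    # Stalled when other threads kept logging for more than `missed` intervals
    # after the last line written by the sync thread.
    stalled = newest - last_sync > missed * sync_interval
    return ("stalled" if stalled else "ok"), last_sync, newest

if __name__ == "__main__":
    state, last_sync, newest = sync_status(SAMPLE)
    print(f"{state}: last sync line {last_sync}, newest log line {newest}")
```

Set `sync_interval` to the Sync Interval configured in authorizers.xml and feed the function the lines of the NiFi application log.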