Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
1.4.0
-
None
-
None
Description
LdapUserGroupProvider, which was added in version 1.4.0, allows users to sync NiFi users and groups with an LDAP server. This is configured in authorizers.xml, and one of the configuration properties is Sync Interval, which allows and admin to specify the interval on which NiFi should poll the LDAP server to refresh its local copy of users and groups.
A logic bug in time units conversions is inadvertently treating milliseconds as seconds, meaning the sync interval that will actually be scheduled will be 1000x the user-configured value.
Here is a code snippet from LdapUserGroupProvider.java:
final PropertyValue rawSyncInterval = configurationContext.getProperty(PROP_SYNC_INTERVAL); //... syncInterval = FormatUtils.getTimeDuration(rawSyncInterval.getValue(), TimeUnit.MILLISECONDS); //... // schedule the background thread to load the users/groups ldapSync.scheduleWithFixedDelay(() -> load(context), syncInterval, syncInterval, TimeUnit.SECONDS);
The fix should be very simple: simply change the TimeUnits of syncInterval.
In the meantime, for users impacted by this known issue, a workaround is to scale the value set in the Sync Interval property by 1/1000.