Hi Nick,
Just wanted to shoot you a quick note mentioning that this issue was resolved in NiFi 1.5.0 which was released in January. If/when you upgrade, be sure to change your configuration from 120ms to 120s (or whatever time interval you prefer to use, it will work correctly now). There is a guard in place that will protect users upgrading who were using the workaround of setting a tiny (sub-second) sync interval, but that will just prevent startup with an error message. You’ll need to change your authorizers.xml sync interval to be longer to get past that sanity check. Regards, Kevin From: Nikhil Chaudhary <[email protected]> Reply-To: <[email protected]> Date: Friday, December 8, 2017 at 02:23 To: <[email protected]> Subject: Re: LDAP Users & Group Sync Hi Kevin, Changing that directly into milliseconds (120 ms) worked perfectly and the LDAP group and users synced as expected. Thank You. Cheers, Nick On 8 Dec 2017 11:59 +0700, Kevin Doran <[email protected]>, wrote: Hi Nikhil, I haven't heard of this issue before. Looking at the NiFi code that is interpreting the sync interval property from authorizers.xml [1], I think you may have come across a bug. With just looking at the code, and not having tried to reproduce the issue, it appears to me that the sync interval is not being converted correctly in the block of code that processes the XML and schedules a background task to perform the sync. Specifically, it appears the configured value is read into a variable and normalized to *milliseconds*, but then passed into a function as *seconds* without value conversion. So in your case, that would mean this is happening: 2 minutes -> 120,000 milliseconds -> 120,000 seconds If I'm correct, that would certainly explain why you aren't seeing synchronizations happening! I've filed a JIRA bug report [2]. I want to confirm the issue and the fix by attempting to reproduce it, after which I can submit a patch to fix this in the next regular NiFi release. In the meantime, can you try this workaround in your authorizers.xml: <!— A bug (see NIFI-4677) in versions <= 1.4.0 causes this field to be off by a factor of 1000, so this is actually specifying an interval of 120 seconds, not 120 milliseconds. -- <property name="Sync Interval">120 ms</property Let me know if that does not work, in which case we can dig into it further. Thanks for bringing this issue to everyone's attention! Kevin [1] https://github.com/apache/nifi/blob/master/nifi-nar-bundles/nifi-ldap-iaa-providers-bundle/nifi-ldap-iaa-providers/src/main/java/org/apache/nifi/ldap/tenants/LdapUserGroupProvider.java#L365 [2] https://issues.apache.org/jira/browse/NIFI-4677 On 12/7/17, 22:31, "Nikhil Chaudhary" <[email protected]> wrote: Hey Guys, We’re trying to get NiFi synced to our LDAP directory and the initial sync happens successfully, however any changes made within LDAP (adding another group to an existing user) does not get synced unless we restart NiFi. Tried to set the Sync Interval to 2 mins in the authorizers.xml file but still nothing. Is there any other place we need to set the sync interval or something else that needs to be done for the sync to happen? Thank You. Cheers, Nick
