Yes, I believe the issue is that you have a user and a group with the same name. The UUID's are determined deterministically based on the user identity and group name. This is done so that we can ensure the same data model across a cluster. While not ideal, this doesn't present any issue managing them or the policies. However, the UI attempts to present them in a single table using that UUID as an identifier. In this case, they are not unique. We should likely do something to ensure that users and group have unique identifiers regardless if there are name conflicts. I have filed a JIRA for this [1]. If possible, you could work around this by ensuring that your users and groups have unique names.
Matt [1] https://issues.apache.org/jira/browse/NIFI-6161 On Thu, Mar 28, 2019 at 12:38 PM DEHAY Aurelien <[email protected]> wrote: > Well, I can compare a lot of things I don’t really know where to search. > > > > What are to be unique? It’s the UUID (id field) present in > users/userGroups endpoints? The identity (short names)? > > I may have some duplicated between names between user and groups, I’m > going to check that point. > > > > Thanks. > > > > *From:* Matt Gilman <[email protected]> > *Sent:* mercredi 27 mars 2019 19:32 > *To:* [email protected] > *Subject:* Re: Empty "nifi users" page. > > > > Is it possible that you have a user and a group with the same > name/identity? Can you compare what is in your users.xml file and what is > being loaded from your directory server? To see what's being loaded from > your directory server, if your running 1.9.x you should be able to enable > debug level logging on > > org.apache.nifi.ldap.tenants.LdapUserGroupProvider > > Thanks > > > > Matt > > > > On Wed, Mar 27, 2019 at 5:46 AM DEHAY Aurelien < > [email protected]> wrote: > > Thanks for you answer. > > > > Like Bryan and you made me investigate on the browser side, I’ve check > cache and dev tools. > > > > Indeed the data are correctly sent to the browser. The users & groups api > are correctly called and results are good. > > > > So I suppose it’s something on browser side (tested with FF and chrome > with same issue). > > > > I got these errors in the console without guarantee that it’s linked to > the issue: > > > > Content Security Policy: « x-frame-options » ignoré en raison de la > directive « frame-ancestors ». > > CURRENT_SITE: par01prdedge1.soft.fau:18443/nifi/users > KeeperFill-var.js:30:935 > > uncaught exception: Each data element must implement a unique 'id' property > > > > Thanks. > > > > *From:* Matt Gilman <[email protected]> > *Sent:* mardi 26 mars 2019 17:49 > *To:* [email protected] > *Subject:* Re: Empty "nifi users" page. > > > > Hi. > > > > Could you open up your browsers Developer Tools and check the Console for > any errors and look at the Network requests and ensure that they are > returning correctly. The behavior your describing indicate one of two > things. Either the request is not returning from the server or there is a > front end code bug. > > > > We have addressed a couple of issues recently that are scheduled to land > in 1.10.0 where users are removed (from LDAP externally) and they are still > referenced in NiFi policies or groups. However, I don't think the behavior > is exactly how you describe. > > > > Also, are you able to build current master and try that out? If your > running into the same problem, it's possible its already addressed. > > > > Thanks > > > > Matt > > > > On Tue, Mar 26, 2019 at 10:29 AM Bryan Bende <[email protected]> wrote: > > What browser and browser version are you using? > > Have you tried clearing your browser cache just to make sure the page > is loading properly? > > On Tue, Mar 26, 2019 at 10:21 AM DEHAY Aurelien > <[email protected]> wrote: > > > > Hello. > > > > I expect to see at least the local users with associated rights (e.g. > content of users.xml and authorizations.xml), I've got 3 local users and a > bunch of associated rights with ldap users/groups. > > > > I'll try the search filter, but the list is ok when modifying the > policies of objects, I can see groups &users. > > > > Thanks. > > > > -----Original Message----- > > From: Kevin Doran <[email protected]> > > Sent: samedi 23 mars 2019 18:52 > > To: [email protected] > > Subject: Re: Empty "nifi users" page. > > > > How many users and groups do you expect to sync? Are you able to test > your search base and filter are correct using a command line tool such as > ldapsearch? I'm not sure if a search filter is required (although it would > probably fail with an error if it was), but maybe try setting a "match all" > filter such as (uid=*). > > > > Hope this helps, > > Kevin > > > > On Fri, Mar 22, 2019 at 11:08 AM DEHAY Aurelien < > [email protected]> wrote: > > > > > > Hello. > > > > > > > > > > > > My “nifi users” page is empty, with only the spinner spinning at the > bottom of the page. > > > > > > > > > > > > I’ve tried a lot of conf, and for now everything work fine, except > that. There is nothing in the log, even when I tried to put “debug” for > authorization parts in logback. > > > > > > > > > > > > I had the same behavior with 1.7, 1.8, 1.9 and 1.9.1. > > > > > > > > > > > > My configuration authorizers.xml and the part of user mapping in the > > > nifi.properties is > > > https://gist.github.com/zorel/f76c3924f2b266e8a878397271a54f24 > > > > > > > > > > > > I’ve read Pierre Villard blog post, nifi doc and a lot of post in > hortonworks site, but I’ve must I missed something. Any pointer is > appreciated. > > > > > > > > > > > > Thanks. > > > > > > > > > This electronic transmission (and any attachments thereto) is intended > solely for the use of the addressee(s). It may contain confidential or > legally privileged information. If you are not the intended recipient of > this message, you must delete it immediately and notify the sender. Any > unauthorized use or disclosure of this message is strictly prohibited. > Faurecia does not guarantee the integrity of this transmission and shall > therefore never be liable if the message is altered or falsified nor for > any virus, interception or damage to your system. > > > > This electronic transmission (and any attachments thereto) is intended > solely for the use of the addressee(s). It may contain confidential or > legally privileged information. If you are not the intended recipient of > this message, you must delete it immediately and notify the sender. Any > unauthorized use or disclosure of this message is strictly prohibited. > Faurecia does not guarantee the integrity of this transmission and shall > therefore never be liable if the message is altered or falsified nor for > any virus, interception or damage to your system. > > > This electronic transmission (and any attachments thereto) is intended > solely for the use of the addressee(s). It may contain confidential or > legally privileged information. If you are not the intended recipient of > this message, you must delete it immediately and notify the sender. Any > unauthorized use or disclosure of this message is strictly prohibited. > Faurecia does not guarantee the integrity of this transmission and shall > therefore never be liable if the message is altered or falsified nor for > any virus, interception or damage to your system. > > > This electronic transmission (and any attachments thereto) is intended > solely for the use of the addressee(s). It may contain confidential or > legally privileged information. If you are not the intended recipient of > this message, you must delete it immediately and notify the sender. Any > unauthorized use or disclosure of this message is strictly prohibited. > Faurecia does not guarantee the integrity of this transmission and shall > therefore never be liable if the message is altered or falsified nor for > any virus, interception or damage to your system. >
