grouper-users - Re: [grouper-users] Trying to improve ldappc performance
Subject: Grouper Users - Open Discussion List
- From: Paul Engle <>
- To:
- Subject: Re: [grouper-users] Trying to improve ldappc performance
- Date: Wed, 13 May 2009 08:53:58 -0500
Okay, I'm really not an airhead. :) This time, the files are
really, truly there.
-paul
--On Wednesday, May 13, 2009 8:36 AM -0500 Paul Engle <> wrote:
>
> Ach, sorry. I had meant to attach those with the original
> message. I've tried various configurations of ldappc.xml.
> This is the latest attempt. It works, but doesn't populate
> riceGrouperID; instead I get a warning in the logs like this:
>
> 2009-05-12 15:10:47,013: [main] WARN ErrorLog.warn(95) - [edu.internet2.middleware.ldappc.synchronize.GroupEntrySynchronizer] GROUP[[ DISPLAY NAME = Stem for testing:Test Courses:ELEC526:Spring 2009:Section 001:Instructor ][NAME = testStem:courses:ELEC526:Sp09:001:instructor][UID = 7cfc2e80-574e-4107-ac89-564cb7de041c]] field not found: UID
>
> -paul
>
> --On Tuesday, May 12, 2009 4:17 PM -0500 Tom Zeller <> wrote:
>
>> Could you please either post or send privately sanitized
>> copies of ldappc.xml and sources.xml used by ldappc ?
>>
>>
>> TomZ
>>
>>
>> On Tue, May 12, 2009 at 3:27 PM, Paul Engle
>> <>
>> wrote:
>>
>>
>> All,
>> I'm seeing some pretty slow initial load times for ldappc,
>> and I assume it's because something is not optimized in my
>> configuration. I seem to recall that it is desirable to store
>> the subject_id from grouper in LDAP so that group subjects
>> can be retrieved without an additional lookup. I was
>> assuming I could do this with ldappc via a
>> group-attribute-mapping, but I can't figure out what
>> attribute name from grouper to use. There's nothing defined
>> in grouper_fields in the database that seems to have that
>> info. Should I be doing this another way? Any pointers would
>> be welcome.
>>
>> The grouper hierarchy we've designed relies heavily on member
>> groups, and I'm assuming that's what's slowing down the
>> provisioning. It's taking upwards of 16 hours to do an
>> initial load of about 15500 groups. We're running a pretty
>> basic grouper-1.4.1 installation with no custom hooks.
>>
>> -paul
>>
>> --
>> Paul D. Engle | Rice University
>> Sr. Systems Administrator | Information Technology -
>> MS119 (713)348-4702 | PO Box 1892
>>
>> | Houston, TX 77252-1892
>>
>>
>>
>
>
>
> --
> Paul D. Engle | Rice University
> Sr. Systems Administrator | Information Technology - MS119
> (713)348-4702 | PO Box 1892
>
> | Houston, TX 77252-1892
>
>
--
Paul D. Engle | Rice University
Sr. Systems Administrator | Information Technology - MS119
(713)348-4702 | PO Box 1892
| Houston, TX 77252-1892
<?xml version="1.0" encoding="utf-8"?>
<!--
 * This file contains data for Ldappc.
 *
 * See ldappcTemplate.xml for documentation regarding how to use these
 * elements.
-->
<ldappc>
  <grouper>
    <group-queries>
      <subordinate-stem-queries>
        <stem-list>
          <stem>testStem</stem>
        </stem-list>
      </subordinate-stem-queries>
    </group-queries>
    <groups structure="bushy"
            initial-cache-size="100003"
            root-dn="ou=pengletest,dc=rice,dc=edu"
            ldap-object-class="groupOfUniqueNames"
            ldap-rdn-attribute="cn"
            grouper-attribute="name">
      <group-members-dn-list list-object-class="groupOfUniqueNames" list-attribute="uniqueMember"/>
      <group-members-name-list list-object-class="eduMember" list-attribute="hasMember">
        <source-subject-name-mapping>
          <source-subject-name-map source="g:gsa" subject-attribute="name" />
          <source-subject-name-map source="rice" subject-attribute="uid" />
        </source-subject-name-mapping>
      </group-members-name-list>
      <group-attribute-mapping ldap-object-class="riceGroup">
        <group-attribute-map group-attribute="description" ldap-attribute="description" />
        <group-attribute-map group-attribute="name" ldap-attribute="givenName" />
        <group-attribute-map group-attribute="UID" ldap-attribute="riceGrouperID" />
      </group-attribute-mapping>
    </groups>
  </grouper>
  <source-subject-identifiers>
    <source-subject-identifier source="rice" subject-attribute="uid" initial-cache-size="100003">
      <ldap-search base="ou=People,dc=rice,dc=edu" scope="onelevel_scope" filter="(uid={0})" />
    </source-subject-identifier>
    <source-subject-identifier source="g:gsa" subject-attribute="name" initial-cache-size="100003">
      <ldap-search base="ou=pengletest,dc=rice,dc=edu" scope="subtree_scope" filter="(givenName={0})" />
    </source-subject-identifier>
  </source-subject-identifiers>
  <ldap>
    <context>
      <parameter-list>
        <parameter name="initial_context_factory" value="com.sun.jndi.ldap.LdapCtxFactory" />
        <parameter name="provider_url" value="ldaps://ldap1.rice.edu:636" />
        <parameter name="security_authentication" value="simple" />
        <parameter name="security_principal" value="cn=grouper,ou=Service Accounts,dc=rice,dc=edu" />
        <parameter name="security_credentials" value="GetFromPropertiesFile" />
      </parameter-list>
    </context>
  </ldap>
</ldappc>
<?xml version="1.0" encoding="utf-8"?>
<!--
Grouper's subject resolver configuration
$Id: sources.example.xml,v 1.6 2008/10/16 05:45:47 mchyzer Exp $
-->
<sources>
  <!-- Group Subject Resolver -->
  <!-- NOTE: It is recommended that you **not** change the default values for this source adapter. -->
  <source adapterClass="edu.internet2.middleware.grouper.GrouperSourceAdapter">
    <id>g:gsa</id>
    <name>Grouper: Group Source Adapter</name>
    <type>group</type>
  </source>

  <!-- Group Subject Resolver -->
  <source adapterClass="edu.internet2.middleware.grouper.subj.GrouperJndiSourceAdapter">
    <id>rice</id>
    <name>Rice Edu</name>
    <type>person</type>
    <init-param>
      <param-name>INITIAL_CONTEXT_FACTORY</param-name>
      <param-value>com.sun.jndi.ldap.LdapCtxFactory</param-value>
    </init-param>
    <init-param>
      <param-name>PROVIDER_URL</param-name>
      <param-value>ldaps://ldap.rice.edu:636</param-value>
    </init-param>
    <init-param>
      <param-name>SECURITY_AUTHENTICATION</param-name>
      <param-value>simple</param-value>
    </init-param>
    <init-param>
      <param-name>SECURITY_PRINCIPAL</param-name>
      <param-value>cn=grouper,ou=Service Accounts,dc=rice,dc=edu</param-value>
    </init-param>
    <init-param>
      <param-name>SECURITY_CREDENTIALS</param-name>
      <param-value>/usr/site/grouper/conf/secret/morphString.txt</param-value>
    </init-param>
    <init-param>
      <param-name>SubjectID_AttributeType</param-name>
      <param-value>uid</param-value>
    </init-param>
    <init-param>
      <param-name>Name_AttributeType</param-name>
      <param-value>displayName</param-value>
    </init-param>
    <init-param>
      <param-name>Description_AttributeType</param-name>
      <param-value>displayName</param-value>
    </init-param>
    /// Scope Values can be: OBJECT_SCOPE, ONELEVEL_SCOPE, SUBTREE_SCOPE
    /// For filter use
    <search>
      <searchType>searchSubject</searchType>
      <param>
        <param-name>filter</param-name>
        <param-value> (&amp; (uid=%TERM%) (objectclass=riceEduPerson)) </param-value>
      </param>
      <param>
        <param-name>scope</param-name>
        <param-value> SUBTREE_SCOPE </param-value>
      </param>
      <param>
        <param-name>base</param-name>
        <param-value> ou=people,dc=rice,dc=edu </param-value>
      </param>
    </search>
    <search>
      <searchType>searchSubjectByIdentifier</searchType>
      <param>
        <param-name>filter</param-name>
        <param-value> (&amp; (uid=%TERM%) (objectclass=riceEduPerson)) </param-value>
      </param>
      <param>
        <param-name>scope</param-name>
        <param-value> SUBTREE_SCOPE </param-value>
      </param>
      <param>
        <param-name>base</param-name>
        <param-value> ou=people,dc=rice,dc=edu </param-value>
      </param>
    </search>
    <search>
      <searchType>search</searchType>
      <param>
        <param-name>filter</param-name>
        <param-value> (&amp; (|(uid=%TERM%)(cn=*%TERM%*))(objectclass=riceEduPerson)) </param-value>
      </param>
      <param>
        <param-name>scope</param-name>
        <param-value> SUBTREE_SCOPE </param-value>
      </param>
      <param>
        <param-name>base</param-name>
        <param-value> ou=people,dc=rice,dc=edu </param-value>
      </param>
    </search>
    ///Attributes you would like to display when doing a search
    <attribute>uid</attribute>
    <attribute>sn</attribute>
    <attribute>riceClass</attribute>
    <attribute>riceOrg</attribute>
    <attribute>riceUserStatus</attribute>
  </source>

  <source adapterClass="edu.internet2.middleware.grouper.subj.GrouperJndiSourceAdapter">
    <id>serviceAcct</id>
    <name>Rice Service Accounts</name>
    <type>person</type>
    <init-param>
      <param-name>INITIAL_CONTEXT_FACTORY</param-name>
      <param-value>com.sun.jndi.ldap.LdapCtxFactory</param-value>
    </init-param>
    <init-param>
      <param-name>PROVIDER_URL</param-name>
      <param-value>ldaps://ldap.rice.edu:636</param-value>
    </init-param>
    <init-param>
      <param-name>SECURITY_AUTHENTICATION</param-name>
      <param-value>simple</param-value>
    </init-param>
    <init-param>
      <param-name>SECURITY_PRINCIPAL</param-name>
      <param-value>cn=grouper,ou=Service Accounts,dc=rice,dc=edu</param-value>
    </init-param>
    <init-param>
      <param-name>SECURITY_CREDENTIALS</param-name>
      <param-value>/usr/site/grouper/conf/secret/morphString.txt</param-value>
    </init-param>
    <init-param>
      <param-name>SubjectID_AttributeType</param-name>
      <param-value>cn</param-value>
    </init-param>
    <init-param>
      <param-name>Name_AttributeType</param-name>
      <param-value>cn</param-value>
    </init-param>
    <init-param>
      <param-name>Description_AttributeType</param-name>
      <param-value>description</param-value>
    </init-param>
    /// Scope Values can be: OBJECT_SCOPE, ONELEVEL_SCOPE, SUBTREE_SCOPE
    /// For filter use
    <search>
      <searchType>searchSubject</searchType>
      <param>
        <param-name>filter</param-name>
        <param-value> (&amp; (cn=%TERM%)) </param-value>
      </param>
      <param>
        <param-name>scope</param-name>
        <param-value> SUBTREE_SCOPE </param-value>
      </param>
      <param>
        <param-name>base</param-name>
        <param-value> ou=Service Accounts,dc=rice,dc=edu </param-value>
      </param>
    </search>
    <search>
      <searchType>searchSubjectByIdentifier</searchType>
      <param>
        <param-name>filter</param-name>
        <param-value> (&amp; (cn=%TERM%)) </param-value>
      </param>
      <param>
        <param-name>scope</param-name>
        <param-value> SUBTREE_SCOPE </param-value>
      </param>
      <param>
        <param-name>base</param-name>
        <param-value> ou=Service Accounts,dc=rice,dc=edu </param-value>
      </param>
    </search>
    <search>
      <searchType>search</searchType>
      <param>
        <param-name>filter</param-name>
        <param-value> (&amp; (|(uid=%TERM%)(cn=*%TERM%*))) </param-value>
      </param>
      <param>
        <param-name>scope</param-name>
        <param-value> SUBTREE_SCOPE </param-value>
      </param>
      <param>
        <param-name>base</param-name>
        <param-value> ou=Service Accounts,dc=rice,dc=edu </param-value>
      </param>
    </search>
    ///Attributes you would like to display when doing a search
    <attribute>uid</attribute>
    <attribute>sn</attribute>
    <attribute>description</attribute>
  </source>
</sources>
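
The request quoted earlier in the thread was for sanitized copies of ldappc.xml and sources.xml. As an added example (not part of the original messages and not Grouper code), this Python sketch masks the connection parameters in both file layouts and rewrites the domain components of any DN; the set of names treated as sensitive, the placeholder values and the sample inputs are assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Assumptions: the names treated as sensitive and the placeholder values.
SENSITIVE = {"provider_url", "security_principal", "security_credentials"}
MASK = "REDACTED"
DC = re.compile(r"\bdc=[^,\s]+", re.IGNORECASE)  # domain components inside DNs

def sanitize(xml_text):
    """Return (sanitized XML string, names of the parameters that were masked)."""
    root = ET.fromstring(xml_text)
    masked = []
    # ldappc.xml layout: <parameter name="..." value="..."/>
    for param in root.iter("parameter"):
        if param.get("name", "").lower() in SENSITIVE:
            param.set("value", MASK)
            masked.append(param.get("name"))
    # sources.xml layout: <init-param><param-name/><param-value/></init-param>
    for init in root.iter("init-param"):
        name = (init.findtext("param-name") or "").strip()
        value = init.find("param-value")
        if name.lower() in SENSITIVE and value is not None:
            value.text = MASK
            masked.append(name)
    # Base DNs in root-dn, ldap-search and <param-value> still name the site.
    for el in root.iter():
        for key, val in list(el.attrib.items()):
            el.set(key, DC.sub("dc=example", val))
        if el.text:
            el.text = DC.sub("dc=example", el.text)
    return ET.tostring(root, encoding="unicode"), masked

# Constructed samples in the two layouts (not the files from the thread).
LDAPPC = """<ldappc><groups root-dn="ou=groups,dc=campus,dc=test"/><ldap>
<parameter name="provider_url" value="ldaps://ldap.campus.test:636"/>
<parameter name="security_authentication" value="simple"/>
<parameter name="security_credentials" value="s3cret"/>
</ldap></ldappc>"""
SOURCES = """<sources><source><id>people</id><init-param>
<param-name>SECURITY_PRINCIPAL</param-name>
<param-value>cn=svc,dc=campus,dc=test</param-value></init-param>
<search><param><param-name>base</param-name>
<param-value> ou=people,dc=campus,dc=test </param-value></param>
<param><param-name>filter</param-name>
<param-value>(&amp;(uid=%TERM%))</param-value></param></search>
</source></sources>"""

if __name__ == "__main__":
    print(sanitize(LDAPPC)[0], sanitize(SOURCES)[0], sep="\n")
```

Organizational unit names, object classes and attribute names are left in place, since they are usually needed to diagnose a mapping problem like the one in this thread.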