grouper-users - Re: [grouper-users] a comment regarding real-time group provisioning
Subject: Grouper Users - Open Discussion List
List archive
- From: Jim Fox <>
- To: Tom Zeller <>
- Cc: Grouper Users Mailing List <>
- Subject: Re: [grouper-users] a comment regarding real-time group provisioning
- Date: Thu, 17 Mar 2011 09:05:54 -0700 (PDT)
We had this issue with live updates to ldap.
Openldap tends to rebuild indices on every update. For large groups
this can take a long time and membership updates get backed up.
I don't know if Microsoft does the same thing.
We got around this by a quick batching of the live updates.
We collect membership updates for each group until there has been
no activity for, say, five seconds. Then we update ldap with
that batch.
Jim
I was feeling a little depressed that ldappcng does not provision
groups or memberships in real-time. It should.
We (Memphis) had Microsoft on campus the last two days to talk about
provisioning
Live@edu,
and it turns out they have a "new" plug-in to
ILM/FIM for
Live@edu
to provision groups - and it faces similar
issues. For example, "large" groups (where "large" = 30k members) are
recommended to be broken into smaller chunks, and the hardware
requirements (CPU, RAM) are different if groups are provisioned.
The more assumptions one makes about how groups are provisioned, the
easier it is to do so performantly. A generic real-time group
provisioner seems difficult, but I think we can do it.
TomZ
- [grouper-users] a comment regarding real-time group provisioning, Tom Zeller, 03/17/2011
- Re: [grouper-users] a comment regarding real-time group provisioning, Michael R. Gettes, 03/17/2011
- Re: [grouper-users] a comment regarding real-time group provisioning, Tom Zeller, 03/17/2011
- Re: [grouper-users] a comment regarding real-time group provisioning, Jim Fox, 03/17/2011
- Re: [grouper-users] a comment regarding real-time group provisioning, Michael R. Gettes, 03/17/2011
Archive powered by MHonArc 2.6.16.