Skip to Content.
Sympa Menu

grouper-users - RE: [grouper-users] LDAP Subject Search performance

Subject: Grouper Users - Open Discussion List

List archive

RE: [grouper-users] LDAP Subject Search performance


Chronological Thread 
  • From: "Klug, Lawrence" <>
  • To: Tom Zeller <>
  • Cc: "" <>
  • Subject: RE: [grouper-users] LDAP Subject Search performance
  • Date: Fri, 9 Sep 2011 11:29:19 -0700
  • Accept-language: en-US
  • Acceptlanguage: en-US
Here is the sanitized LDAP section from our sources.xml:

<source
adapterClass="edu.internet2.middleware.grouper.subj.GrouperJndiSourceAdapter">
<id>ldap</id>
<name>ED Source Adapter</name>
<type>person</type>
<init-param>
<param-name>INITIAL_CONTEXT_FACTORY</param-name>
<param-value>com.sun.jndi.ldap.LdapCtxFactory</param-value>
</init-param>
<init-param>
<param-name>PROVIDER_URL</param-name>
<param-value>hostname-omitted</param-value>
</init-param>
<init-param>
<param-name>SECURITY_AUTHENTICATION</param-name>
<param-value>simple</param-value>
</init-param>
<init-param>
<param-name>SECURITY_PRINCIPAL</param-name>
<param-value>security-principal-omitted</param-value>
</init-param>
<init-param>
<param-name>SECURITY_CREDENTIALS</param-name>
<param-value>password-omitted</param-value>
</init-param>
<init-param>
<param-name>SubjectID_AttributeType</param-name>
<param-value>uclaPPID</param-value>
</init-param>
<init-param>
<param-name>Name_AttributeType</param-name>
<param-value>cn</param-value>
</init-param>
<init-param>
<param-name>Description_AttributeType</param-name>
<param-value>displayName</param-value>
</init-param>

/// Scope Values can be: OBJECT_SCOPE, ONELEVEL_SCOPE, SUBTREE_SCOPE
/// For filter use

<search>
<searchType>searchSubject</searchType>
<param>
<param-name>filter</param-name>
<param-value>
(&amp; (uclaPPID=%TERM%)(objectclass=person))
</param-value>
</param>
<param>
<param-name>scope</param-name>
<param-value>
SUBTREE_SCOPE
</param-value>
</param>
<param>
<param-name>base</param-name>
<param-value>
ou=people,dc=edtest,dc=ucla,dc=edu
</param-value>
</param>

</search>
<search>
<searchType>searchSubjectByIdentifier</searchType>
<param>
<param-name>filter</param-name>
<param-value>

(&amp;(|(uclaPPID=%TERM%)(uclaLogonID=%TERM%)(edupersonprincipalname=%TERM%))(objectClass=person))
</param-value>
</param>
<param>
<param-name>scope</param-name>
<param-value>
SUBTREE_SCOPE
</param-value>
</param>
<param>
<param-name>base</param-name>
<param-value>
ou=people,dc=edtest,dc=ucla,dc=edu
</param-value>
</param>
</search>

<search>
<searchType>search</searchType>
<param>
<param-name>filter</param-name>
<param-value>

(&amp;(|(cn=*%TERM%*)(uclaLogonID=%TERM%)(uclaPPID=%TERM%))(objectClass=person))
</param-value>
</param>
<param>
<param-name>scope</param-name>
<param-value>
SUBTREE_SCOPE
</param-value>
</param>
<param>
<param-name>base</param-name>
<param-value>
ou=people,dc=edtest,dc=ucla,dc=edu
</param-value>
</param>
</search>
<init-param>
<param-name>subjectVirtualAttribute_0_searchAttribute0</param-name>

<param-value>${subjectUtils.defaultIfBlank(subject.getAttributeValueOrCommaSeparated('uid'),

"")},${subjectUtils.defaultIfBlank(subject.getAttributeValueOrCommaSeparated('cn'),

"")},${subjectUtils.defaultIfBlank(subject.getAttributeValueOrCommaSeparated('uclaPPID'),
"")}</param-value>
</init-param>
<init-param>
<param-name>sortAttribute0</param-name>
<param-value>cn</param-value>
</init-param>
<init-param>
<param-name>searchAttribute0</param-name>
<param-value>searchAttribute0</param-value>
</init-param>
<internal-attribute>searchAttribute0</internal-attribute>

///Attributes you would like to display when doing a search

<attribute>cn</attribute>
<attribute>sn</attribute>
<attribute>displayname</attribute>
<attribute>uclalogonid</attribute>
<attribute>edupersonprincipalname</attribute>
<attribute>uclauniversityid</attribute>
<attribute>edupersonaffiliation</attribute>

</source>

-----Original Message-----
From:


[mailto:]
On Behalf Of Tom Zeller
Sent: Friday, September 09, 2011 11:12 AM
To: Klug, Lawrence
Cc:

Subject: Re: [grouper-users] LDAP Subject Search performance

The UW vt-ldap based ldap source adapter has connection pooling which may
help you, and is included (in subject.jar) in recent grouper releases.

Example configurations for this source adapter are available via

http://anonsvn.internet2.edu/svn/i2mi/tags/GROUPER_2_0_0/subject/conf/

We probably should include ldap.properties.example and
ldap.sources.xml.example in the api distribution.

You may wish to post the relevant section of your sources.xml file including
your ldap search filters, for us to take a look at.

On Fri, Sep 9, 2011 at 12:52 PM, Klug, Lawrence
<>
wrote:
> Tom,
>
> I'm using the original JNDI/LDAP source adapter:
>
>  <source
> adapterClass="edu.internet2.middleware.grouper.subj.GrouperJndiSourceA
> dapter">
>
> Thanks,
>
> Lawrence
>
> -----Original Message-----
> From:
>
>
> [mailto:]
> On Behalf Of Tom
> Zeller
> Sent: Friday, September 09, 2011 10:46 AM
> To: Klug, Lawrence
> Cc:
>
> Subject: Re: [grouper-users] LDAP Subject Search performance
>
> In sources.xml, are you using the original JNDI/LDAP source adapter
>
>  <source
> adapterClass="edu.internet2.middleware.grouper.subj.GrouperJndiSourceA
> dapter">
>
> or the vt-ldap based UW LDAP source adapter
>
>  <source
> adapterClass="edu.internet2.middleware.subject.provider.LdapSourceAdap
> ter">
>
> ?
>
> On Fri, Sep 9, 2011 at 12:21 PM, Klug, Lawrence
> <>
> wrote:
>> Some of our LDAP Subject Searches are taking a long time.  Is there a
>> way to tune these queries in the Source configuration?
>>
>>
>>
>> Thanks,
>>
>>
>>
>> Lawrence
>

Archive powered by MHonArc 2.6.16.

Top of Page