grouper-users - Re: [grouper-users] LDAP Subject Search performance
Subject: Grouper Users - Open Discussion List
List archive
- From: Tom Zeller <>
- To: "Klug, Lawrence" <>
- Cc: "" <>
- Subject: Re: [grouper-users] LDAP Subject Search performance
- Date: Fri, 9 Sep 2011 13:55:05 -0500
Take a look at grouper.ehcache.xml, maxElementsInMemory should
probably be larger than the number of subjects, i.e. if you have 10k
objects in ou=people then maxElementsInMemory should be > 10k. You may
want to increase the idle times as well.
<!-- Subject resolving caching -->
<!-- @see CachingResolver#find(...) -->
<cache name="edu.internet2.middleware.grouper.subj.CachingResolver.Find"
maxElementsInMemory="5000"
eternal="false"
timeToIdleSeconds="30"
timeToLiveSeconds="120"
overflowToDisk="false"
/>
<!-- @see CachingResolver#findAll(...) -->
<cache name="edu.internet2.middleware.grouper.subj.CachingResolver.FindAll"
maxElementsInMemory="5000"
eternal="false"
timeToIdleSeconds="30"
timeToLiveSeconds="120"
overflowToDisk="false"
/>
<!-- @see CachingResolver#findByIdentifier(...) -->
<cache
name="edu.internet2.middleware.grouper.subj.CachingResolver.FindByIdentifier"
maxElementsInMemory="5000"
eternal="false"
timeToIdleSeconds="30"
timeToLiveSeconds="120"
overflowToDisk="false"
/>
<!-- @see CachingResolver#findByIdOrIdentifier(...) -->
<cache
name="edu.internet2.middleware.grouper.subj.CachingResolver.FindByIdOrIdentifier"
maxElementsInMemory="5000"
eternal="false"
timeToIdleSeconds="30"
timeToLiveSeconds="120"
overflowToDisk="false"
/>
On Fri, Sep 9, 2011 at 1:36 PM, Tom Zeller
<>
wrote:
> And your ldap server has the appropriate indices (indexes) for
> uclaPPID, uclaLogonID, and edupersonprincipalname ?
>
> And when you mean slow, do you mean any one search is slow or there
> are lots of quick searches which results in overall slowness ?
>
> (I am, coincidentally, looking at caching parameters for subject searches)
>
> On Fri, Sep 9, 2011 at 1:29 PM, Klug, Lawrence
> <>
> wrote:
>> Here is the sanitized LDAP section from our sources.xml:
>>
>> <source
>> adapterClass="edu.internet2.middleware.grouper.subj.GrouperJndiSourceAdapter">
>> <id>ldap</id>
>> <name>ED Source Adapter</name>
>> <type>person</type>
>> <init-param>
>> <param-name>INITIAL_CONTEXT_FACTORY</param-name>
>> <param-value>com.sun.jndi.ldap.LdapCtxFactory</param-value>
>> </init-param>
>> <init-param>
>> <param-name>PROVIDER_URL</param-name>
>> <param-value>hostname-omitted</param-value>
>> </init-param>
>> <init-param>
>> <param-name>SECURITY_AUTHENTICATION</param-name>
>> <param-value>simple</param-value>
>> </init-param>
>> <init-param>
>> <param-name>SECURITY_PRINCIPAL</param-name>
>> <param-value>security-principal-omitted</param-value>
>> </init-param>
>> <init-param>
>> <param-name>SECURITY_CREDENTIALS</param-name>
>> <param-value>password-omitted</param-value>
>> </init-param>
>> <init-param>
>> <param-name>SubjectID_AttributeType</param-name>
>> <param-value>uclaPPID</param-value>
>> </init-param>
>> <init-param>
>> <param-name>Name_AttributeType</param-name>
>> <param-value>cn</param-value>
>> </init-param>
>> <init-param>
>> <param-name>Description_AttributeType</param-name>
>> <param-value>displayName</param-value>
>> </init-param>
>>
>> /// Scope Values can be: OBJECT_SCOPE, ONELEVEL_SCOPE, SUBTREE_SCOPE
>> /// For filter use
>>
>> <search>
>> <searchType>searchSubject</searchType>
>> <param>
>> <param-name>filter</param-name>
>> <param-value>
>> (& (uclaPPID=%TERM%)(objectclass=person))
>> </param-value>
>> </param>
>> <param>
>> <param-name>scope</param-name>
>> <param-value>
>> SUBTREE_SCOPE
>> </param-value>
>> </param>
>> <param>
>> <param-name>base</param-name>
>> <param-value>
>> ou=people,dc=edtest,dc=ucla,dc=edu
>> </param-value>
>> </param>
>>
>> </search>
>> <search>
>> <searchType>searchSubjectByIdentifier</searchType>
>> <param>
>> <param-name>filter</param-name>
>> <param-value>
>>
>> (&(|(uclaPPID=%TERM%)(uclaLogonID=%TERM%)(edupersonprincipalname=%TERM%))(objectClass=person))
>> </param-value>
>> </param>
>> <param>
>> <param-name>scope</param-name>
>> <param-value>
>> SUBTREE_SCOPE
>> </param-value>
>> </param>
>> <param>
>> <param-name>base</param-name>
>> <param-value>
>> ou=people,dc=edtest,dc=ucla,dc=edu
>> </param-value>
>> </param>
>> </search>
>>
>> <search>
>> <searchType>search</searchType>
>> <param>
>> <param-name>filter</param-name>
>> <param-value>
>>
>> (&(|(cn=*%TERM%*)(uclaLogonID=%TERM%)(uclaPPID=%TERM%))(objectClass=person))
>> </param-value>
>> </param>
>> <param>
>> <param-name>scope</param-name>
>> <param-value>
>> SUBTREE_SCOPE
>> </param-value>
>> </param>
>> <param>
>> <param-name>base</param-name>
>> <param-value>
>> ou=people,dc=edtest,dc=ucla,dc=edu
>> </param-value>
>> </param>
>> </search>
>> <init-param>
>> <param-name>subjectVirtualAttribute_0_searchAttribute0</param-name>
>>
>> <param-value>${subjectUtils.defaultIfBlank(subject.getAttributeValueOrCommaSeparated('uid'),
>>
>> "")},${subjectUtils.defaultIfBlank(subject.getAttributeValueOrCommaSeparated('cn'),
>>
>> "")},${subjectUtils.defaultIfBlank(subject.getAttributeValueOrCommaSeparated('uclaPPID'),
>> "")}</param-value>
>> </init-param>
>> <init-param>
>> <param-name>sortAttribute0</param-name>
>> <param-value>cn</param-value>
>> </init-param>
>> <init-param>
>> <param-name>searchAttribute0</param-name>
>> <param-value>searchAttribute0</param-value>
>> </init-param>
>> <internal-attribute>searchAttribute0</internal-attribute>
>>
>> ///Attributes you would like to display when doing a search
>>
>> <attribute>cn</attribute>
>> <attribute>sn</attribute>
>> <attribute>displayname</attribute>
>> <attribute>uclalogonid</attribute>
>> <attribute>edupersonprincipalname</attribute>
>> <attribute>uclauniversityid</attribute>
>> <attribute>edupersonaffiliation</attribute>
>>
>> </source>
>>
>> -----Original Message-----
>> From:
>>
>>
>> [mailto:]
>> On Behalf Of Tom Zeller
>> Sent: Friday, September 09, 2011 11:12 AM
>> To: Klug, Lawrence
>> Cc:
>>
>> Subject: Re: [grouper-users] LDAP Subject Search performance
>>
>> The UW vt-ldap based ldap source adapter has connection pooling which may
>> help you, and is included (in subject.jar) in recent grouper releases.
>>
>> Example configurations for this source adapter are available via
>>
>> http://anonsvn.internet2.edu/svn/i2mi/tags/GROUPER_2_0_0/subject/conf/
>>
>> We probably should include ldap.properties.example and
>> ldap.sources.xml.example in the api distribution.
>>
>> You may wish to post the relevant section of your sources.xml file
>> including your ldap search filters, for us to take a look at.
>>
>> On Fri, Sep 9, 2011 at 12:52 PM, Klug, Lawrence
>> <>
>> wrote:
>>> Tom,
>>>
>>> I'm using the original JNDI/LDAP source adapter:
>>>
>>> <source
>>> adapterClass="edu.internet2.middleware.grouper.subj.GrouperJndiSourceA
>>> dapter">
>>>
>>> Thanks,
>>>
>>> Lawrence
>>>
>>> -----Original Message-----
>>> From:
>>>
>>>
>>> [mailto:]
>>> On Behalf Of Tom
>>> Zeller
>>> Sent: Friday, September 09, 2011 10:46 AM
>>> To: Klug, Lawrence
>>> Cc:
>>>
>>> Subject: Re: [grouper-users] LDAP Subject Search performance
>>>
>>> In sources.xml, are you using the original JNDI/LDAP source adapter
>>>
>>> <source
>>> adapterClass="edu.internet2.middleware.grouper.subj.GrouperJndiSourceA
>>> dapter">
>>>
>>> or the vt-ldap based UW LDAP source adapter
>>>
>>> <source
>>> adapterClass="edu.internet2.middleware.subject.provider.LdapSourceAdap
>>> ter">
>>>
>>> ?
>>>
>>> On Fri, Sep 9, 2011 at 12:21 PM, Klug, Lawrence
>>> <>
>>> wrote:
>>>> Some of our LDAP Subject Searches are taking a long time. Is there a
>>>> way to tune these queries in the Source configuration?
>>>>
>>>>
>>>>
>>>> Thanks,
>>>>
>>>>
>>>>
>>>> Lawrence
>>>
>>
>
- [grouper-users] LDAP Subject Search performance, Klug, Lawrence, 09/09/2011
- Re: [grouper-users] LDAP Subject Search performance, Tom Zeller, 09/09/2011
- RE: [grouper-users] LDAP Subject Search performance, Klug, Lawrence, 09/09/2011
- Re: [grouper-users] LDAP Subject Search performance, Tom Zeller, 09/09/2011
- RE: [grouper-users] LDAP Subject Search performance, Klug, Lawrence, 09/09/2011
- Re: [grouper-users] LDAP Subject Search performance, Tom Zeller, 09/09/2011
- Re: [grouper-users] LDAP Subject Search performance, Tom Zeller, 09/09/2011
- RE: [grouper-users] LDAP Subject Search performance, Klug, Lawrence, 09/09/2011
- Re: [grouper-users] LDAP Subject Search performance, Tom Zeller, 09/09/2011
- RE: [grouper-users] LDAP Subject Search performance, Klug, Lawrence, 09/09/2011
- Re: [grouper-users] LDAP Subject Search performance, Tom Zeller, 09/09/2011
- RE: [grouper-users] LDAP Subject Search performance, Klug, Lawrence, 09/09/2011
- Re: [grouper-users] LDAP Subject Search performance, Tom Zeller, 09/09/2011
Archive powered by MHonArc 2.6.16.