Is the email address the subject id or a subject identifier? If so, I think if the query finds by id or identifier, it will avoid the problem. Look at WsSubjectLookup.
Otherwise, if the email address is not an id/identifier, then I believe the cache that you're running into is:
You can adjust those settings if you want, but just be aware that it could result in more queries to your ldap and have a performance hit.
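The id/identifier lookup suggested above, sketched as an added example (not code from this thread or from the Grouper project): the subject is resolved through WsSubjectLookup instead of a search string. The source id "ldap", the class and method names, and the mail/uid value being configured as a subject identifier for that source are all assumptions.

```java
import edu.internet2.middleware.grouperClient.api.GcGetSubjects;
import edu.internet2.middleware.grouperClient.ws.beans.WsSubject;
import edu.internet2.middleware.grouperClient.ws.beans.WsSubjectLookup;

public class SubjectByIdentifier {

    // Assumption: id of the LDAP subject source as configured in Grouper.
    private static final String SOURCE_ID = "ldap";

    /**
     * Resolve a single subject by identifier (hypothetical helper).
     * Returns the Grouper subject id, or null when nothing resolved.
     */
    public static String findSubjectId(String identifier) {
        // Arguments: subjectId, subjectSourceId, subjectIdentifier.
        // Naming the source keeps the lookup from matching a subject
        // with the same identifier in another source.
        WsSubjectLookup lookup = new WsSubjectLookup(null, SOURCE_ID, identifier);

        GcGetSubjects gs = new GcGetSubjects();
        gs.addWsSubjectLookup(lookup);
        gs.addSubjectAttributeName("mail");

        WsSubject[] subjects = gs.execute().getWsSubjects();
        if (subjects == null) {
            return null;
        }
        for (WsSubject subject : subjects) {
            // Only accept entries the server marks as resolved.
            if ("T".equals(subject.getSuccess())) {
                return subject.getId();
            }
        }
        return null;
    }
}
```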
Hi Shilen,
Yes, I search for a user by email and if I don't find it I create a new
LDAP account.
I paste some simplified code for testing.
Currently I set up a workaround loop which tries to retrieve the subject
multiple times, until it becomes not null.
// --------------------------------------------------------
public class User {

    private final String uid;
    private final String email;

    public User(String uid, String email) {
        this.uid = uid;
        this.email = email;
    }

    public String getUid() {
        return uid;
    }

    public String getEmail() {
        return email;
    }
}
// --------------------------------------------------------
import java.util.ArrayList;
import java.util.Hashtable;
import java.util.List;

import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.ldap.Rdn;

import org.apache.log4j.Logger; // log4j 1.x assumed, since log.debug(String) is used

import edu.internet2.middleware.grouperClient.api.GcGetSubjects;
import edu.internet2.middleware.grouperClient.ws.beans.WsSubject;

public class Util {

    private static final Logger log = Logger.getLogger(Util.class.getName());

    // Test setup: a simple bind over plain ldap:// sends the Manager
    // password unencrypted, so keep this to a local test directory.
    private static DirContext getDirContext() throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://localhost:389");
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, "cn=Manager,dc=.....");
        env.put(Context.SECURITY_CREDENTIALS, ".....");
        return new InitialDirContext(env);
    }

    // Search Grouper subjects by email and keep only exact matches on "mail".
    public static List<User> getUsersByEmail(String emailAddress) {
        GcGetSubjects gs = new GcGetSubjects();
        gs.assignSearchString(emailAddress);
        gs.addSubjectAttributeName("mail"); // attribute index 0
        gs.addSubjectAttributeName("uid");  // attribute index 1
        WsSubject[] subjects = gs.execute().getWsSubjects();
        if (subjects == null) {
            return null;
        }
        List<User> users = new ArrayList<>();
        for (WsSubject wsSubject : subjects) {
            String mail = wsSubject.getAttributeValue(0);
            if (emailAddress.equals(mail)) {
                String uid = wsSubject.getAttributeValue(1);
                users.add(new User(uid, mail));
            }
        }
        if (users.isEmpty()) {
            return null;
        }
        return users;
    }

    // Create the LDAP entry uid=<uid>,<scope> for the given user.
    public static void createUser(String scope, User user) throws NamingException {
        Attributes attributes = new BasicAttributes();
        attributes.put("objectClass", "inetOrgPerson");
        attributes.put("mail", user.getEmail());
        attributes.put("uid", user.getUid());
        attributes.put("cn", "N/A");
        attributes.put("sn", "N/A");
        attributes.put("userPassword", "foo"); // fixed password, test only
        DirContext ctx = getDirContext();
        try {
            // Escape the uid: characters such as '+' or ',' are special in a DN.
            ctx.createSubcontext("uid=" + Rdn.escapeValue(user.getUid()) + "," + scope, attributes);
        } finally {
            ctx.close(); // release the LDAP connection
        }
    }

    // Workaround loop: for a newly created user, retry for up to 40 seconds
    // until Grouper returns the subject.
    public static List<String> getSubjectsIdsFromAttribute(String attributeName, String attributeValue, boolean newlyCreatedUser) {
        log.debug("Searching the id of a subject with the attribute '" + attributeName + "' equals to '" + attributeValue + "'");
        GcGetSubjects gs = new GcGetSubjects();
        gs.assignSearchString(attributeValue);
        gs.addSubjectAttributeName(attributeName);
        List<String> subjectsIds = new ArrayList<>();
        for (int attempt = 1; attempt <= 40; attempt++) {
            WsSubject[] subjects = gs.execute().getWsSubjects();
            if (subjects != null) {
                for (WsSubject subject : subjects) {
                    String retrievedAttribute = subject.getAttributeValue(0);
                    if (attributeValue.equals(retrievedAttribute)) {
                        subjectsIds.add(subject.getId());
                    }
                }
            }
            if (!newlyCreatedUser) {
                // Existing user: a single attempt is enough.
                if (subjectsIds.isEmpty()) {
                    return null;
                }
                return subjectsIds;
            }
            if (!subjectsIds.isEmpty()) {
                return subjectsIds;
            }
            log.debug("subjectId is null, attempt #" + attempt);
            try {
                Thread.sleep(1000);
            } catch (InterruptedException ex) {
                // Keep the interrupt flag and stop retrying.
                Thread.currentThread().interrupt();
                break;
            }
        }
        if (subjectsIds.isEmpty()) {
            return null;
        }
        return subjectsIds;
    }
}
// --------------------------------------------------------
import static org.junit.Assert.assertNotNull;

import java.util.ArrayList;
import java.util.List;

import org.junit.Test;

public class MainTest {

    @Test
    public void test() throws Exception {
        String email = "";
        boolean newlyCreated = false;
        List<User> users = Util.getUsersByEmail(email);
        if (users == null) {
            // Not known to Grouper yet: create the LDAP account.
            User user = new User(email, email);
            Util.createUser("ou=custom_users,dc=oats,dc=inaf,dc=it", user);
            newlyCreated = true;
            users = new ArrayList<>();
            users.add(user);
        }
        for (User user : users) {
            assertNotNull(Util.getSubjectsIdsFromAttribute("mail", user.getEmail(), newlyCreated));
            // Use subject id to add user into groups
        }
    }
}
Thank you for your time.
Cheers,
Sonia
On 14/09/2016 16:03, Shilen Patel wrote:
Hi Sonia,
Are you running GcGetSubjects for a user, then adding the ldap account,
and then running GcGetSubjects again?
If so, then I could see the first query doing some caching. Although, I
haven't been able to reproduce it. Can you send exactly how you're doing
that query?
Thanks!
- Shilen
On 9/14/16, 6:07 AM, "Sonia Zorba" <> wrote:
Hi,
I have an application that adds a new account to an LDAP (using
javax.naming classes).
This LDAP is a source for Grouper and, after the insertion, the
application tries to retrieve the new account using the Grouper API
(GcGetSubjects).
For about the first 30 seconds the subject is not found, after it is
retrieved correctly.
I imagine there could be a kind of cache or other reasons for this delay
but I wasn't able to find any reference about this in the documentation.
Can you suggest what I should configure to speed up this process?
Thanks,
Sonia