Grouper Users - Open Discussion List

[Sonia Zorba <>]

Hi,

thank you very much! I adjusted the cache time to 10 seconds and the delay is decreased.

Unfortunately in our situation different subjects can have the same email address (they are the same person, but with different username), so I can't set the email as a subject identifier (if I understood correctly they have to be unique, like the subject id).

Cheers,
Sonia

On 14/09/2016 18:12, Shilen Patel wrote:

Hi Sonia,

Is the email address the subject id or a subject identifier?  If so, I think if the query finds by id or identifier, it will avoid the problem.  Look at WsSubjectLookup.

Otherwise, if the email address is not an id/identifier, then I believe the cache that you're running into is:

  <cache  name="edu.internet2.middleware.grouper.subj.CachingResolver.FindPage"

          maxElementsInMemory="5000"

          eternal="false"

          timeToIdleSeconds="30"

          timeToLiveSeconds="30"

          overflowToDisk="false"

          statistics="false"

You can adjust those settings if you want, but just be aware that it could result it more queries to your ldap and have a performance hit.

Thanks!

- Shilen

On 9/14/16, 11:04 AM, "Sonia Zorba" <> wrote:

Hi Shilen,

yes, I search for an user by email and if I don't find it I create a new

LDAP account.

I paste some simplified code for testing.

Currently I set up a workaround loop which try to retrieve the subject

multiple times, until it becames not null.

// --------------------------------------------------------

public class User {

     private final String uid;

     private final String email;

     public User(String uid, String email) {

         this.uid = uid;

         this.email = email;

     }

     public String getUid() {

         return uid;

     }

     public String getEmail() {

         return email;

     }

}

// --------------------------------------------------------

public class Util {

     private static final Logger log = Logger.getLogger(Util.class.getName());

     private static DirContext getDirContext() throws NamingException {

         Hashtable<String, String> env = new Hashtable<>();

         env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");

         env.put(Context.PROVIDER_URL, "ldap://localhost:389");

         env.put(Context.SECURITY_AUTHENTICATION, "simple");

         env.put(Context.SECURITY_PRINCIPAL, "cn=Manager,dc=.....");

         env.put(Context.SECURITY_CREDENTIALS, ".....");

         return new InitialDirContext(env);

     }

     public static List<User> getUsersByEmail(String emailAddress) {

         GcGetSubjects gs = new GcGetSubjects();

         gs.assignSearchString(emailAddress);

         gs.addSubjectAttributeName("mail");

         gs.addSubjectAttributeName("uid");

         WsSubject[] subjects = gs.execute().getWsSubjects();

         if (subjects == null) {

             return null;

         }

         List<User> users = new ArrayList<>();

         for (WsSubject wsSubject : subjects) {

             String mail = wsSubject.getAttributeValue(0);

             if (emailAddress.equals(mail)) {

                 String uid = wsSubject.getAttributeValue(1);

                 users.add(new User(uid, mail));

             }

         }

         if (users.isEmpty()) {

             return null;

         }

         return users;

     }

     public static void createUser(String scope, User user) throws NamingException {

         Attributes attributes = new BasicAttributes();

         attributes.put("objectClass", "inetOrgPerson");

         attributes.put("mail", user.getEmail());

         attributes.put("uid", user.getUid());

         attributes.put("cn", "N/A");

         attributes.put("sn", "N/A");

         attributes.put("userPassword", "foo");

         getDirContext().createSubcontext("uid=" + user.getUid() + "," + scope, attributes);

     }

     public static List<String> getSubjectsIdsFromAttribute(String attributeName, String attributeValue, boolean newlyCreatedUser) {

         log.debug("Searching the id of a subject with the attribute '" + attributeName + "' equals to '" + attributeValue + "'");

         GcGetSubjects gs = new GcGetSubjects();

         gs.assignSearchString(attributeValue);

         gs.addSubjectAttributeName(attributeName);

         List<String> subjectsIds = new ArrayList<>();

         for (int attempt = 1; attempt <= 40; attempt++) {

             WsSubject[] subjects = gs.execute().getWsSubjects();

             if (subjects != null) {

                 for (WsSubject subject : subjects) {

                     String retrievedAttribute = subject.getAttributeValue(0);

                     if (attributeValue.equals(retrievedAttribute)) {

                         subjectsIds.add(subject.getId());

                     }

                 }

             }

             if (!newlyCreatedUser) {

                 if (subjectsIds.isEmpty()) {

                     return null;

                 }

                 return subjectsIds;

             }

             if (!subjectsIds.isEmpty()) {

                 return subjectsIds;

             }

             log.debug("subjectId is null, attempt #" + attempt);

             try {

                 Thread.sleep(1000);

             } catch (InterruptedException ex) {

             }

         }

         if (subjectsIds.isEmpty()) {

             return null;

         }

         return subjectsIds;

     }

}

// --------------------------------------------------------

public class MainTest {

     @Test

     public void test() throws Exception {

         String email = "";

         boolean newlyCreated = false;

         List<User> users = Util.getUsersByEmail(email);

         if (users == null) {

             User user = new User(email, email);

             Util.createUser("ou=custom_users,dc=oats,dc=inaf,dc=it", user);

             newlyCreated = true;

             users = new ArrayList<>();

             users.add(user);

         }

         for (User user : users) {

             assertNotNull(Util.getSubjectsIdsFromAttribute("mail", user.getEmail(), newlyCreated));

             // Use subject id to add user into groups

         }

     }

}

Thank you for your time.

Cheers,

Sonia

On 14/09/2016 16:03, Shilen Patel wrote:

Hi Sonia,

Are you running GcGetSubjects for a user, then adding the ldap account,

and then running GcGetSubjects again?

If so, then I could see the first query doing some caching.  Although, I

haven't been able to reproduce it.  Can you send exactly how you're doing

that query?

Thanks!

- Shilen

On 9/14/16, 6:07 AM, "Sonia Zorba" <> wrote:

Hi,

I have an application that adds a new account to a LDAP (using

javax.naming classes).

This LDAP is a source for Grouper and, after the insertion, the

application try to retrieve the new account using the Grouper API

(GcGetSubjects).

For about the first 30 seconds the subject is not found, after it is

retrieved correctly.

I imagine there could be a kind of cache or other reasons for this delay

but I wasn't able to find any reference about this in the documentation.

Can you suggest me what I should configure to speed up this process?

Thanks,

Sonia