Grouper Users - Open Discussion List

[Michael R Gettes <>]

I received only a few replies.  Others have run into this limitation of 
openldap not being able to support large static group objects. The problem is 
really large numbers of multi-valued attributes (not just group objects).  My 
observation is 5 seconds to update when the group object becomes greater than 
35K-40K members.  Apparently, openldap has to regenerate the 
member/uniquemember attributes for the entire object each time.  This appears 
to be a known issue with openldap since at least October of 2003.  People 
have switched to using 389/sun-oracle (the iPlanet derivatives) or Active 
Directory.  There are probably other directory servers able to support large 
group objects as well - but it would appear openldap and derivates have this 
problem.

i hope this helps.

/mrg

> On Jan 26, 2017, at 10:22 AM, Jorj Bauer 
> <>
>  wrote:
> 
> I'd love to hear an anonymized roll-up of what you find. We're in early 
> days of Grouper here and are picking a new LDAP back-end to replace our 
> Oracle DSEE - perfect timing for us to find out what our future troubles 
> are going to look like...
> 
> -- Jorj
> 
> 
> On 01/26/2017 09:49 AM, Michael R Gettes wrote:
>> Hi All,
>> 
>> A few months ago there was discussion around large groups for grouper.  I 
>> believe someone from either UCLA or Oregon State (or maybe some place 
>> else) indicated they had groups of 400K.  Would those people kindly 
>> contact me off list?  I have a couple of questions for you - not about 
>> grouper perf concerns, but about non-grouper perf concerns.
>> 
>> Thank you!
>> 
>> /mrg
>>