grouper-users - Re: [grouper-users] Slow incremental provisioning with PSPNG
Subject: Grouper Users - Open Discussion List
List archive
- From: "Crawford, Jeffrey" <>
- To: Yoann Delattre <>, "" <>
- Subject: Re: [grouper-users] Slow incremental provisioning with PSPNG
- Date: Mon, 2 Mar 2020 16:53:00 +0000
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=it.ucla.edu; dmarc=pass action=none header.from=it.ucla.edu; dkim=pass header.d=it.ucla.edu; arc=none
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=2jmpau49gDlL2NMo8ZbYHr1+B9vVi0XsEVuKkfgzwd0=; b=QOXxLQo7JVrBsDB0Y56aDt0QxTzja/6YaVHVsC8k2Sue5yOtSMa0X9uy6Gxht/SAZAhZ1RHrhUJqLvseJlqvULIx6I/BrYidmeWh3ATN7kuGE/iU5jBa2bBnQw7lNB7bxg0kHfhiU1GZbgnFAig8EvsPvuiVK3TiyX87Komitppde1UyhKrjreukqIYdBn3fPWNqRXB2miTDLelVUDVIpqqB23w2Xm6XXMhaJE68Jh1HjiEjAUI0ghsm7x3YNwD9IzvEspS0uE75l05vDAZgdpAvY4m8Zs/S6Dc+x1tBBr7cs4yMpe/NiYV7OIE2m7XCfTI9JoMS9M3iUYtSv3/2xQ==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ZbB+aY8PODCHgxP65Mc+p5G9jSdBTGfQ/6nfnx70hPLf86pUKVgRD0A24dgU+p4AnEF53C/7iUUjVdZRv60OU6uSudF4oJi19h9RnGyoXrQAF3f21SKb7tTvWPcbA5PutMcpBgbpEBF6Hvtuy6W0eM0utT1KSBF6hS2srT6AmWDgW9hvYgYsq3ZqUt/tNJisK/x9rN+7YUgN/BT/e569gBND3gRngZVNyOC9yMtuoO1Kg/VPbL0MjYjywZazTBkgultVL8JllvSN4hh6U8FwgY/vh2MeHa3U5QT7AS9Am0UNH882F1V9as9GPgZa77slRBrzGhXyKAm5jCYvdhPNqQ==
|
Hi Yoann,
Try adding the following two to your provisioner configs. If you run out of cache space it may be performing excessive searches.
…grouperSubjectCacheSize = 1000000 …targetSystemUserCacheSize = 1000000
Adjust the actual number to around how many you expect to be loading, and make sure you are running with enough memory.
Obviously the regular check of LDAP indexes being applied correctly still apply 😊
Jeffrey C.
From: <> on behalf of Yoann Delattre <>
Hello everyone, I just upgraded to 2.4 and i use PSPNG with latest patches (12). I launched PSPNG with debug log and there is a lot of lines like this : Mar 2 10:20:44 grouper2.in.ac-lille.fr grouper-api-pspng[8117]: 2020-03-02 10:20:44,888: [DefaultQuartzScheduler_Worker-10] DEBUG Provisioner.evaluateJexlExpression(777) - - Evaluated GroupSelection Jexl _expression_: 'true' It's take around 40 min to evaluate all the groups. See log attached. Below the config for all provisioners :
## Alimentation des groupes dans la branche ou=Grouper,ou=education,o=gouv,c=fr changeLog.consumer.pspng_brancheGrouper.class = edu.internet2.middleware.grouper.pspng.PspChangelogConsumerShim changeLog.consumer.pspng_brancheGrouper.type = edu.internet2.middleware.grouper.pspng.LdapGroupProvisioner changeLog.consumer.pspng_brancheGrouper.quartzCron = 0 * * * * ? changeLog.consumer.pspng_brancheGrouper.ldapPoolName = ldapLille changeLog.consumer.pspng_brancheGrouper.memberAttributeName = uniqueMember changeLog.consumer.pspng_brancheGrouper.memberAttributeValueFormat = ${ldapUser.getDn()} changeLog.consumer.pspng_brancheGrouper.groupSearchBaseDn = ou=Grouper,ou=education,o=gouv,c=fr changeLog.consumer.pspng_brancheGrouper.allGroupsSearchFilter = objectclass=groupOfUniqueNames changeLog.consumer.pspng_brancheGrouper.singleGroupSearchFilter = (&(objectclass=groupOfUniqueNames)(cn=${group.name})) changeLog.consumer.pspng_brancheGrouper.groupSearchAttributes = cn,objectclass changeLog.consumer.pspng_brancheGrouper.groupCreationLdifTemplate = dn: cn=${group.name}||cn: ${group.name}||description: ${group.description}||ou: ${group.displayName}||objectclass: groupOfUniqueNames||objectclass: educationnationale changeLog.consumer.pspng_brancheGrouper.groupSelectionExpression = ${!name.endsWith("_systemOfRecord") && !name.endsWith("_systemOfRecordAndIncludes") && !name.endsWith("_includes") && !name.endsWith("_excludes")} changeLog.consumer.pspng_brancheGrouper.userSearchBaseDn = ou=ac-lille,ou=education,o=gouv,c=fr changeLog.consumer.pspng_brancheGrouper.userSearchFilter = uid=${subject.id} changeLog.consumer.pspng_brancheGrouper.grouperIsAuthoritative = true ## Alimentation des groupes dans la branche ou=listes,ou=ac-lille,ou=education,o=gouv,c=fr changeLog.consumer.pspng_brancheListes.class = edu.internet2.middleware.grouper.pspng.PspChangelogConsumerShim changeLog.consumer.pspng_brancheListes.type = edu.internet2.middleware.grouper.pspng.LdapGroupProvisioner changeLog.consumer.pspng_brancheListes.quartzCron = 0 * * * * ? changeLog.consumer.pspng_brancheListes.ldapPoolName = ldapLille changeLog.consumer.pspng_brancheListes.memberAttributeName = uniqueMember changeLog.consumer.pspng_brancheListes.memberAttributeValueFormat = ${ldapUser.getDn()} changeLog.consumer.pspng_brancheListes.groupSearchBaseDn = ou=listes,ou=ac-lille,ou=education,o=gouv,c=fr changeLog.consumer.pspng_brancheListes.allGroupsSearchFilter = (&(objectclass=groupOfUniqueNames)(typensi=grouper)) changeLog.consumer.pspng_brancheListes.singleGroupSearchFilter = (&(objectclass=groupOfUniqueNames)(typensi=grouper)(cn=${group.extension})) changeLog.consumer.pspng_brancheListes.groupSearchAttributes = cn,objectclass,typensi changeLog.consumer.pspng_brancheListes.groupCreationLdifTemplate = dn: cn=${group.extension}||cn: ${group.extension}||objectclass: groupOfUniqueNames||objectclass: educationnationale||typensi: grouper changeLog.consumer.pspng_brancheListes.userSearchBaseDn = ou=ac-lille,ou=education,o=gouv,c=fr changeLog.consumer.pspng_brancheListes.userSearchFilter = uid=${subject.id} changeLog.consumer.pspng_brancheListes.grouperIsAuthoritative = true ## Alimentation de l'attribut FrEduLilHabilitation dans la branche ou=ac-lille,ou=education,o=gouv,c=fr changeLog.consumer.pspng_attrFrEduLilHabilitation.class = edu.internet2.middleware.grouper.pspng.PspChangelogConsumerShim changeLog.consumer.pspng_attrFrEduLilHabilitation.type = edu.internet2.middleware.grouper.pspng.LdapAttributeProvisioner changeLog.consumer.pspng_attrFrEduLilHabilitation.quartzCron = 0 * * * * ? changeLog.consumer.pspng_attrFrEduLilHabilitation.ldapPoolName = ldapLille changeLog.consumer.pspng_attrFrEduLilHabilitation.provisionedAttributeName = FrEduLilHabilitation changeLog.consumer.pspng_attrFrEduLilHabilitation.provisionedAttributeValueFormat = Grouper|${group.name} changeLog.consumer.pspng_attrFrEduLilHabilitation.userSearchBaseDn = ou=ac-lille,ou=education,o=gouv,c=fr changeLog.consumer.pspng_attrFrEduLilHabilitation.userSearchFilter = uid=${subject.id} changeLog.consumer.pspng_attrFrEduLilHabilitation.groupSelectionExpression = ${name.startsWith("app:") && name.contains(":habil:")} changeLog.consumer.pspng_attrFrEduLilHabilitation.grouperIsAuthoritative = true changeLog.consumer.pspng_attrFrEduLilHabilitation.allProvisionedValuesPrefix = Grouper\\| Is there a way to improve performance ? Maybe i need to stop using the JEXL _expression_ and used only provisoning attributes ? Any suggestion ? Thanks a lot ! Regards, Yoann --
| ||||||||||
- [grouper-users] Slow incremental provisioning with PSPNG, Yoann Delattre, 03/02/2020
- Re: [grouper-users] Slow incremental provisioning with PSPNG, Crawford, Jeffrey, 03/02/2020
- Re: [grouper-users] Slow incremental provisioning with PSPNG, Yoann Delattre, 03/04/2020
- Re: [grouper-users] Slow incremental provisioning with PSPNG, Yoann Delattre, 03/09/2020
- Re: [grouper-users] Slow incremental provisioning with PSPNG, Yoann Delattre, 03/04/2020
- Re: [grouper-users] Slow incremental provisioning with PSPNG, Crawford, Jeffrey, 03/02/2020
Archive powered by MHonArc 2.6.19.