directory-fortress mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Yudhi Karunia Surtan <brainmaster...@gmail.com>
Subject Re: Fortress performance tests
Date Mon, 26 Jun 2017 06:48:53 GMT
Ah, then it is because i am using mdb as the database and reach the
maxfilesize.
Once it is reach the limit index file become corrupt.
I think i still need more investigation about this. Thanks for the answer
Shawn, will do separate mail for tell about the experiment result.

On Jun 26, 2017 8:05 AM, "Shawn McKinney" <smckinney@apache.org> wrote:

>
>
> > On Jun 25, 2017, at 10:34 AM, Yudhi Karunia Surtan <
> brainmaster716@gmail.com> wrote:
> >
> > did someone ever tried to use fortress and having ldap entries for
> around >
> > 10 million entries?
> > i'm curious if fortress able to handle so many entries below ou=people.
> > honestly, i'm newbie in ldap and did some experiment that AccessMgr will
> > get timeout when ou=people filled so many entries.
> > i don't think increasing the timeout is the solution, more entries mean
> > will also increase the timeout setting later.
>
> Yudhi,
>
> I just loaded up 1M users and there are no performance degradations.  It
> took about 20 minutes to create the users, longer to assign each user 10
> roles.
>
> No surprise there, LDAP is made for this.  Of course the indexes need to
> be in place, which if you follow the default setup for OpenLDAP they will
> be.
>
> There is a caveat, fortress supports two way user-role assignments.  That
> is the role attribute is stored on user object, and the user membership is
> on the Role object.  The latter is to be compatible with non-rbac
> implementations that use traditional group membership lookups for access
> control.
>
> The problem is when group have large numbers of users, i.e. 10’s of
> thousands, performance degrades on the edits of those objects.
>
> Strictly speaking fortress doesn’t need to associate user membership with
> roles, for its RBAC controls, so I am going to add a option to disable,
> with config switch.  Something along the lines of:
> role.occupants = false <— disable role-to-user mapping
> role.occupants = true <— enable role-to-user mapping
>
> To load the 1M users:
>
> https://github.com/apache/directory-fortress-core/blob/
> master/src/test/java/org/apache/directory/fortress/core/samples/
> LoadTestUserSample.java
>
> This class is still a little rough around the edges, and needs some work,
> but if you want to try it let me know and we’ll get it cleaned up.
>
> Thanks,
> Shawn
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message