[midPoint] Help optimizing metarole that's called over 1000 times per user.

Wed Feb 20 10:26:27 CET 2019

Hi Alcides,

i don't see the problem with your org/role hierarchy, but if the role gets
evaluated too many times, role idempotence configuration always comes to
mind

https://wiki.evolveum.com/display/midPoint/Roles+and+Policies+Configuration#RolesandPoliciesConfiguration-IdempotentRoles

If you don't need the metarole evaluated for every single assignment path,
try setting idempotence to conservative or aggressive.

But maybe you don't have 1500 assignment paths on a single user and then I
just don't know.

arnost

út 19. 2. 2019 v 22:31 odesílatel Alcides Carlos de Moraes Neto <
alcides.neto at gmail.com> napsal:

> Hello list,
>
> We have a very simple metarole that is applied to Roles in order to turn
> them into AD groups, done based on the documentation example (
> https://wiki.evolveum.com/display/midPoint/Roles,+Metaroles+and+Generic+Synchronization#Roles,MetarolesandGenericSynchronization-Higher-OrderInducements).
>
>
> We extend it, adding more inducements with associationFromLink. In total,
> there are 10 order=2 inducements. One for simple user account membership.
> Another for group-group membership, and the other 8 are for Org types, one
> for each AD projection that orgs can have. For these, there are script
> conditions that check for some assignment fields values.
>
> It all works just fine, however it performs horribly. When making changes
> or recomputing a user with very few assignments, just a Org and a group,
> the invocation count for this Metarole can reach 1500 calls. Each call is
> fast, but they add up to 500ms sometimes.
>
> This will not happen for users with no Org assigned. It seems midPoint
> goes 'nuts' and validates this metarole for every Org up in the
> organization tree. We do have a fairly complex Org Tree, with almost 1300
> Orgs. But all the inducements are order=2, shoulnd't only the immediate Org
> be validated?
>
> Any help here will be appreciated, thanks.
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>

-- 

*Arnošt Starosta*
solution architect

gsm: [+420] 603 794 932
e‑mail: arnost.starosta at ami.cz

*AMI Praha a.s.*
Pláničkova 11, 162 00 Praha 6

tel.: [+420] 274 783 239 | web: www.ami.cz

[image: AMI Praha a.s.]

Textem tohoto e‑mailu podepisující neslibuje uzavřít ani neuzavírá
za společnost AMI Praha a.s.
jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít výhradně
písemnou formu.

Tento e‑mail je určen výhradně pro potřeby jeho adresáta/ů a může obsahovat
důvěrné nebo osobní
informace. Nejste‑li zamýšleným příjemcem, je zakázáno jakékoliv
zveřejňování, zprostředkování
nebo jiné použití těchto informací. Pokud jste obdrželi e‑mail neoprávněně,
informujte o tom prosím
odesílatele a vymažte neprodleně všechny kopie tohoto e‑mailu včetně
všech jeho příloh. Nakládáním
s neoprávněně získanými informacemi se vystavujete riziku právního postihu.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20190220/79df1ffc/attachment.htm>