[midPoint] Large groups with OpenLDAP

Carl Waldbieser waldbiec at lafayette.edu
Tue May 22 20:49:49 CEST 2018


Keith,

I had posted on the tier midpoint slack channel, but our largest group is for alumni, and has about 32,000 members.
I can add and remove a member from the group fairly quickly.

On a *non-loaded* system I added and removed a member 100 times to the group, and the wall time was only 2.758s.  That meant that a single change was on average less than 30 milliseconds.  A lot of that could simply be network latency or the fact that my test opens a new TCP connection for each request.  An optimized client could make many changes simultaneously, and it wouldn't necessarily have to make a new TCP connection per request.

One noteworthy point is that we don't use the overlay that keeps user `memberOf` and group `member` attributes in sync (I think it is called the "memberOf overlay").  We keep these in sync via application code.  

Thanks,
Carl Waldbieser
ITS Identity Management
Lafayette College

----- Original Message -----
From: "Keith Hazelton" <keith.hazelton at wisc.edu>
To: "midPoint General Discussion" <midpoint at lists.evolveum.com>
Sent: Tuesday, May 22, 2018 1:36:34 PM
Subject: [midPoint] Large groups with OpenLDAP

I’d like to see midPoint/OpenLDAP experience-based reactions to this comment I saw just now: “OpenLDAP has issues with large groups. Large groups over 25-30k and you will have issues with group updates taking about 6 seconds for each change.” 

_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com
http://lists.evolveum.com/mailman/listinfo/midpoint


