Details
-
Suggestion
-
Resolution: Fixed
-
None
Description
NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion.
Confluence doesn't seem to query for exactly what attributes it wants when it pulls information from ldap; LDAP ends up sending every attribute of every hit it comes across. This could mean huge amounts of worthless data being sent to confluence.
For instance, the manage groups screen does this query:
[20ms] - AOP: UserAccessor.getGroups() [6ms] - com.atlassian.user.impl.ldap.adaptor.LDAPStaticGroupAdaptor_search(com.atlassian.user.impl.ldap.LiteralFilter@df8b06) [6ms] - com.atlassian.user.impl.ldap.adaptor.LDAPStaticGroupAdaptor_search_JNDI_RAW_((&(objectClass=groupOfUniqueNames)(objectClass=groupOfUniqueNames))) [2ms] - com.atlassian.user.impl.ldap.repository.DefaultLdapContextFactory_getLDAPContext [10ms] - com.atlassian.user.impl.ldap.search.page.LDAPEntityPager_preload__(originalQuery= (&(objectClass=groupOfUniqueNames)(objectClass=groupOfUniqueNames)))
Which gives it all the attributes of anything matching the query, when all manage groups really cares about is the group name attribute.
For very large ldap instances, this represents a signficant performance penalty.
This could be partially mitigated of this by requesting only the cn for the manage groups screen, and further zeroing in on only relevant attributes when a ldapsearch is done
Attachments
Issue Links
- is related to
-
CONFSERVER-15783 LDAP perfromance in certain areas could be improved for instances hooked up to large LDAP instances with lots of entries
- Closed
-
CWD-3034 Improve Active Directory full synchronisation of memberships
- Closed