Uploaded image for project: 'Confluence Cloud'
  1. Confluence Cloud
  2. CONFCLOUD-15783

LDAP perfromance in certain areas could be improved for instances hooked up to large LDAP instances with lots of entries

    XMLWordPrintable

Details

    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

    Description

      NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion.

      Confluence doesn't seem to query for exactly what attributes it wants when it pulls information from ldap; LDAP ends up sending every attribute of every hit it comes across. This could mean huge amounts of worthless data being sent to confluence.

      For instance, the manage groups screen does this query:

                [20ms] - AOP: UserAccessor.getGroups()
            [6ms] - com.atlassian.user.impl.ldap.adaptor.LDAPStaticGroupAdaptor_search(com.atlassian.user.impl.ldap.LiteralFilter@df8b06)
              [6ms] - com.atlassian.user.impl.ldap.adaptor.LDAPStaticGroupAdaptor_search_JNDI_RAW_((&(objectClass=groupOfUniqueNames)(objectClass=groupOfUniqueNames)))
                [2ms] - com.atlassian.user.impl.ldap.repository.DefaultLdapContextFactory_getLDAPContext
            [10ms] - com.atlassian.user.impl.ldap.search.page.LDAPEntityPager_preload__(originalQuery= (&(objectClass=groupOfUniqueNames)(objectClass=groupOfUniqueNames)))

      Which gives it all the attributes of anything matching the query, when all manage groups really cares about is the group name attribute.

      For very large ldap instances, this represents a signficant performance penalty.
      This could be partially mitigated of this by requesting only the cn for the manage groups screen, and further zeroing in on only relevant attributes when a ldapsearch is done

      Attachments

        Issue Links

          is related to

          Suggestion - CONFSERVER-15783 LDAP perfromance in certain areas could be improved for instances hooked up to large LDAP instances with lots of entries

          • Closed

          Suggestion - CWD-3034 Improve Active Directory full synchronisation of memberships

          • Closed

          Activity

            People

              Unassigned Unassigned
              twong Tim Wong (Inactive)
              Votes:
              3 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: