• Type: Bug
• Resolution: Timed out
• Priority: Low
• Fix Version/s: None
• Affects Version/s: 2.1
• Component/s: Integration - Confluence
• Labels:

  None

[CWD-2442] isUserNestedGroupMember iterates children, should iterate parents

Collapse comment: Richard Atkins added a comment - 20/May/2011 2:33 AM

Richard Atkins added a comment - 20/May/2011 2:33 AM

Raised CWD-2465 to cover improving support for name caching of memberships.

Leaving this as is, so you can decide whether to call findNestedGroupMembershipsOfUser inside isUserNestedGroupMember if/when the former is known to perform well.

Expand comment: Richard Atkins added a comment - 20/May/2011 2:33 AM

Richard Atkins added a comment - 20/May/2011 2:33 AM Raised CWD-2465 to cover improving support for name caching of memberships. Leaving this as is, so you can decide whether to call findNestedGroupMembershipsOfUser inside isUserNestedGroupMember if/when the former is known to perform well.

Collapse comment: Richard Atkins added a comment - 11/May/2011 5:21 AM

Richard Atkins added a comment - 11/May/2011 5:21 AM

Agreed. While crowd supports querying membership of LDAP without first synchronising LDAP to an internal directory, there's no point in rewriting the recursion. I still think it would be faster for all other directory types (or all synchronised directories) to query bottom up, especially where there are many group-group memberships of the target group.

Do you want me to rewrite this issue, or raise a new one for changing searchDirectGroupRelationships?

Expand comment: Richard Atkins added a comment - 11/May/2011 5:21 AM

Richard Atkins added a comment - 11/May/2011 5:21 AM Agreed. While crowd supports querying membership of LDAP without first synchronising LDAP to an internal directory, there's no point in rewriting the recursion. I still think it would be faster for all other directory types (or all synchronised directories) to query bottom up, especially where there are many group-group memberships of the target group. Do you want me to rewrite this issue, or raise a new one for changing searchDirectGroupRelationships?

Collapse comment: shihab added a comment - 06/May/2011 2:36 AM

shihab added a comment - 06/May/2011 2:36 AM

This is not a bug. Resolving nesting downwards from the group produces exactly the same result as resolving nesting upwards from the user.

The performance implication specific to Confluence arises because of the way caching is implemented at the DAO level. If you cache the direct subgroups of a group, this will take care of the performance issue. Caching a collection of subgroup references/names should not consume a large amount of memory.

I think in Crowd though, we should change:

List<Group> subGroups = searchDirectGroupRelationships(directoryId, QueryBuilder.queryFor(Group.class, EntityDescriptor.group()).childrenOf(EntityDescriptor.group()).withName(groupName).returningAtMost(EntityQuery.ALL_RESULTS));

To return List<String> to facilitate name caching.

Thoughts?

Expand comment: shihab added a comment - 06/May/2011 2:36 AM

shihab added a comment - 06/May/2011 2:36 AM This is not a bug. Resolving nesting downwards from the group produces exactly the same result as resolving nesting upwards from the user. The performance implication specific to Confluence arises because of the way caching is implemented at the DAO level. If you cache the direct subgroups of a group, this will take care of the performance issue. Caching a collection of subgroup references/names should not consume a large amount of memory. I think in Crowd though, we should change: List<Group> subGroups = searchDirectGroupRelationships(directoryId, QueryBuilder.queryFor(Group.class, EntityDescriptor.group()).childrenOf(EntityDescriptor.group()).withName(groupName).returningAtMost(EntityQuery.ALL_RESULTS)); To return List<String> to facilitate name caching. Thoughts?