Status: Closed (View Workflow)
Affects Version/s: 4.4, 4.4.4, 6.0.8, 6.1.4, 6.1.7, 6.3.1, 6.4.5, 6.4.7, 6.4.12
Component/s: User Management - LDAP Integration
Introduced in Version:4.04
Bug Fix Policy:
We have made mention in the directory configuration page that enabling nested groups in JIRA can cause performance issues. The level of slowness depends on the number of groups, users and the level of nesting. During the cause of support, we have identified that with the following statistics, JIRA is extremely slow to the extend that even viewing issues takes close to two minutes:
Upon disabling the nested feature, JIRA becomes stable even with 100 concurrent LDAP users logged in to JIRA. The cause of the performance is attributed to the fact that permissions calculation in JIRA is very expensive and JIRA has a lot of lookups to do when users try to perform operations.
Please refer to the workaround in CWD-2082 if using Crowd Standalone. Ensure that 'Use nested groups' is also disabled in the user directory in JIRA.
If you are using Active Directory you can eliminate this problem using filter directives to delegate the nested calculations to the Active Directory server. This is not available for other LDAP servers.
- In JIRA, go to System > User management > User Directories.
- Edit the user directory that syncs with Active Directory.
- In Advanced Settings uncheck the box nested groups
- In Membership Schema Settings...
- Change Group Members Attribute to "member:1.2.840.1135126.96.36.1991:"
- Change User Membership Attribute to "memberOf:1.2.840.1135188.8.131.521:"
- Check the box for Use the User Membership Attribute ... When finding the user's group membership (in other words check both checkboxes)
- Save the changes
- Perform a full synchronization of the User Directory.