-
Bug
-
Resolution: Fixed
-
Medium (View bug fix roadmap)
-
4.4, 4.4.4, 6.0.8, 6.1.4, 6.1.7, 6.3.1, 6.4.5, 6.4.7, 6.4.12
-
4.04
-
We have made mention in the directory configuration page that enabling nested groups in JIRA can cause performance issues. The level of slowness depends on the number of groups, users and the level of nesting. During the cause of support, we have identified that with the following statistics, JIRA is extremely slow to the extend that even viewing issues takes close to two minutes:
about 7000 users about 700 groups about 6-7 levels of nesting most user belong to the last level of group,few belongs to higher level group.
Upon disabling the nested feature, JIRA becomes stable even with 100 concurrent LDAP users logged in to JIRA. The cause of the performance is attributed to the fact that permissions calculation in JIRA is very expensive and JIRA has a lot of lookups to do when users try to perform operations.
Workaround for Active Directory
Please refer to the workaround in CWD-2082 if using Crowd Standalone. Ensure that 'Use nested groups' is also disabled in the user directory in JIRA.
If you are using Active Directory you can eliminate this problem using filter directives to delegate the nested calculations to the Active Directory server. This is not available for other LDAP servers.
- In JIRA, go to System > User management > User Directories.
- Edit the user directory that syncs with Active Directory.
- In Advanced Settings uncheck the box nested groups
- In Membership Schema Settings...
- Change Group Members Attribute to "member:1.2.840.113556.1.4.1941:"
- Change User Membership Attribute to "memberOf:1.2.840.113556.1.4.1941:"
- Check the box for Use the User Membership Attribute ... When finding the user's group membership (in other words check both checkboxes)
- Save the changes
- Perform a full synchronization of the User Directory.
- is caused by
-
-
- Closed
-
- is related to
-
JRASERVER-43615 Request cache for groups which user belongs to
- Closed
- relates to
-
-
- Closed
-
-
-
- Closed
-
-
-
- Gathering Impact
-
-
- Gathering Interest
-
JSP-219862 Loading...
-
-
- mentioned in
-
-
-
-
-
-
-
-
-
-
-
-
-
[JRASERVER-27072] JIRA is extremely slow when Nested group is enabled in LDAP
The workaround in the description is to have groups retrieved from LDAP as a flattened result set. Should there be an option to have this as the default behaviour? (instead of pulling in the nested structure)
Jan Jasek
added a comment - We have a 2 000 users Enterprise Jira and Confluence license, and this issue is HEAVILY affecting the way how we can work with the system.
Jan Jasek
added a comment - We have a 2 000 users Enterprise Jira and Confluence license, and this issue is HEAVILY affecting the way how we can work with the system.
We were referred to this bug via our support ticket ( JSP-205882 ). In our case, we are not using LDAP (or Active Directory) at all. We are using Crowd's internal directory which has a nested groups feature natively. I just want to call out that this issue doesn't have anything to do with LDAP per se.
In our case, JIRA became completely unresponsive for users, CPU spiked on the machine. We had to restart JIRA to recover. Captured thread dumps connected the incident to this issue.