-
Type:
Bug
-
Resolution: Unresolved
-
Priority:
High
-
None
-
Affects Version/s: 10.3.13
-
Component/s: User Management - Others
-
None
-
10.03
-
Severity 1 - Critical
Issue Summary
In User Management, searching users while filtering on the "Status" value can cause high CPU and memory pressure, compared to leaving the value as All Users. The search request can also take a long time, or timeout altogether.
The issue was reproduced on an instance containing 6M+ users with a heap allocation of 20g. The heap dump that resulted from an OOME indicated that this singular search consumed approximately 12Gb, mostly in an array of 6.1M+ user objects. The issue is more likely to occur in an environment with more users.
The affected instance is only using the Internal Directory, there is no AD/LDAP configured, so the guardrails on user/group limits don't apply.
Steps to Reproduce
- Navigate to the User Management Administration page
- Leave all search parameters empty/default, but set "Status" to Active or Inactive
- Search
Expected Results
Active or Inactive users will be shown depending on what was set in step 2.
Actual Results
- CPU usage will increase
- Memory pressure will in crease
- The page will respond slowly, or not at all, and timeout
- An OutOfMemoryError may occur
Workaround
Refrain from performing user searches while filtering on user's Status. Block the request via regex on activeFilter=false or activeFilter=true
