Hi! I'm attaching user-mgt.xml. We're using IS 4.0.0 with the built-in LDAP.
We are using the standard claims + a few custom claims mapped to LDAP
properties.
I have observed that if I switch from the LDAP store to the JDBC store the
performance is great - 300msec per new user when I already have 5000
existing users. But using LDAP is slow.


On Fri, Jul 5, 2013 at 5:26 AM, Prabath Siriwardena <[email protected]> wrote:

> Also - what is the version of IS ?
>
> Thanks & regards,
> -Prabath
>
>
> On Fri, Jul 5, 2013 at 7:54 AM, Prabath Siriwardena <[email protected]> wrote:
>
>> Can you please share your user-mgt.xml and the LDAP structure?
>>
>> Thanks & regards,
>> -Prabath
>>
>>
>> On Wed, Jul 3, 2013 at 6:40 PM, Adrian Mitev <[email protected]> wrote:
>>
>>> Hi Asela! Thank you for your answer. My current configuration contains
>>> this property as specified in the documentation [1]. However the issue
>>> occurs even with this setting.
>>>
>>> 1 -
>>> http://docs.wso2.org/wiki/display/IS400/Default+LDAP+User+Store+Configuration
>>>
>>>
>>> On Wed, Jul 3, 2013 at 11:25 AM, Asela Pathberiya <[email protected]> wrote:
>>>
>>>> Hi Adrian,
>>>>
>>>> If you have not optimized the configuration, there may be some slowness
>>>> when the number of users increases. To optimize LDAP authentication, you
>>>> need to use the "UserDNPattern" property, such as the following. This
>>>> property must match your search base, and it can be used with
>>>> both flat and hierarchical user search bases.
>>>>
>>>>  <Property name="UserDNPattern">uid={0},ou=Users,dc=wso2,dc=org</Property>
>>>>
>>>> Thanks,
>>>> Asela.
>>>>
>>>>
>>>>
>>>>
>>>> On Wed, Jul 3, 2013 at 12:44 PM, Adrian Mitev <[email protected]> wrote:
>>>>
>>>>> Hi all! I'm not sure if this is the right place to ask! I'm using WSO2
>>>>> Identity Server with its bundled LDAP. I have a requirement to store
>>>>> 5000+ accounts. I created a test script that adds many accounts using
>>>>> the remote web services (RemoteUserStoreManagerService) through the
>>>>> Java APIs. However, as the number of users begins to grow, the
>>>>> operations get slower. Is this a known issue? Could you suggest an
>>>>> optimization strategy?
>>>>>
>>>>> _______________________________________________
>>>>> Dev mailing list
>>>>> [email protected]
>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> Thanks & Regards,
>>>> Asela
>>>>
>>>> Mobile : +94 777 625 933
>>>>
>>>
>>>
>>
>>
>> --
>> Thanks & Regards,
>> Prabath
>>
>> Mobile : +94 71 809 6732
>>
>> http://blog.facilelogin.com
>> http://RampartFAQ.com
>>
>
>
>
> --
> Thanks & Regards,
> Prabath
>
> Mobile : +94 71 809 6732
>
> http://blog.facilelogin.com
> http://RampartFAQ.com
>
<!--
  ~ Copyright WSO2, Inc. (http://wso2.com)
  ~
  ~ Licensed under the Apache License, Version 2.0 (the "License");
  ~ you may not use this file except in compliance with the License.
  ~ You may obtain a copy of the License at
  ~
  ~ http://www.apache.org/licenses/LICENSE-2.0
  ~
  ~ Unless required by applicable law or agreed to in writing, software
  ~ distributed under the License is distributed on an "AS IS" BASIS,
  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  ~ See the License for the specific language governing permissions and
  ~ limitations under the License.
  -->
        
<UserManager>
    <Realm>
        <Configuration>
            <AdminRole>admin</AdminRole>
            <AdminUser>
                <UserName>admin</UserName>
                <Password>admin</Password>
            </AdminUser>
            <EveryOneRoleName>everyone</EveryOneRoleName> <!-- By default users in this role sees the registry root -->
            <Property name="dataSource">jdbc/WSO2CarbonDB</Property>
            <Property name="MultiTenantRealmConfigBuilder">org.wso2.carbon.user.core.config.multitenancy.CommonLDAPRealmConfigBuilder</Property>
        </Configuration>

        <!-- Following user manager is used by Identity Server (IS) as its default user manager.
             IS will do token replacement when building the product. Therefore do not change the syntax.
             If "kdcEnabled" parameter is true, IS will allow service principal management. Thus "ServicePasswordJavaRegEx", "ServiceNameJavaRegEx"
             properties control the service name format and service password formats.
             In case if user core cache domain is needed to identify uniquely set property <Property name="UserCoreCacheIdentifier">domain</Property>
        -->
        <UserStoreManager class="org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager">
            <Property name="defaultRealmName">WSO2.ORG</Property>
            <Property name="kdcEnabled">false</Property>
            <Property name="ConnectionURL">ldap://localhost:${Ports.EmbeddedLDAP.LDAPServerPort}</Property>
            <Property name="ConnectionName">uid=admin,ou=system</Property>
            <Property name="ConnectionPassword">admin</Property>
            <Property name="passwordHashMethod">SHA</Property>
            <Property name="UserNameListFilter">(objectClass=person)</Property>
            <Property name="UserEntryObjectClass">scimPerson</Property>
            <Property name="UserSearchBase">ou=Users,dc=wso2,dc=org</Property>
            <Property name="UserNameSearchFilter">(&amp;(objectClass=person)(uid=?))</Property>
            <Property name="UserNameAttribute">uid</Property>
            <Property name="PasswordJavaScriptRegEx">^[\\S]{5,30}$</Property>
            <Property name="ServicePasswordJavaRegEx">^[\\S]{5,30}$</Property>
            <Property name="ServiceNameJavaRegEx">^[\\S]{2,30}/[\\S]{2,30}$</Property>
            <Property name="UsernameJavaScriptRegEx">^[\\S]{3,30}$</Property>
            <Property name="UsernameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
            <Property name="RolenameJavaScriptRegEx">^[\\S]{3,30}$</Property>
            <Property name="RolenameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
            <Property name="ReadLDAPGroups">true</Property>
            <Property name="WriteLDAPGroups">true</Property>
            <Property name="EmptyRolesAllowed">true</Property>
            <Property name="GroupSearchBase">ou=Groups,dc=wso2,dc=org</Property>
            <Property name="GroupNameListFilter">(objectClass=groupOfNames)</Property>
            <Property name="GroupEntryObjectClass">groupOfNames</Property>
            <Property name="GroupNameSearchFilter">(&amp;(objectClass=groupOfNames)(cn=?))</Property>
            <Property name="GroupNameAttribute">cn</Property>
            <Property name="MembershipAttribute">member</Property>
            <Property name="UserRolesCacheEnabled">true</Property>
            <Property name="UserDNPattern">uid={0},ou=Users,dc=wso2,dc=org</Property>
            <Property name="SCIMEnabled">true</Property>
            <Property name="maxFailedLoginAttempt">0</Property>
        </UserStoreManager>

        <AuthorizationManager
            class="org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager">
            <Property name="AdminRoleManagementPermissions">/permission</Property>
            <Property name="AuthorizationCacheEnabled">true</Property>
        </AuthorizationManager>
    </Realm>
</UserManager>
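
An added example, not part of the thread or of WSO2's code: a Python check that the UserDNPattern in a user-mgt.xml agrees with UserSearchBase and UserNameAttribute, which is the condition Asela's reply states, plus RFC 4514 escaping for a user name substituted into {0}. The function names are hypothetical, the sample XML is a constructed excerpt of the attachment above, and the comma split assumes the configured DNs contain no escaped commas.

```python
import xml.etree.ElementTree as ET

# Constructed excerpt; the property values are copied from the attached user-mgt.xml.
SAMPLE = """<UserStoreManager>
  <Property name="UserSearchBase">ou=Users,dc=wso2,dc=org</Property>
  <Property name="UserNameAttribute">uid</Property>
  <Property name="UserDNPattern">uid={0},ou=Users,dc=wso2,dc=org</Property>
</UserStoreManager>"""

def load_props(xml_text):
    root = ET.fromstring(xml_text)
    return {p.get("name"): (p.text or "").strip() for p in root.iter("Property")}

def dn_parts(dn):
    # Assumption: no escaped commas in the configured DNs, so a plain split is enough.
    return [part.strip().lower() for part in dn.split(",") if part.strip()]

def check_dn_pattern(props):
    """Return a list of problems; an empty list means the pattern is consistent."""
    parts, base = dn_parts(props.get("UserDNPattern", "")), dn_parts(props.get("UserSearchBase", ""))
    if not parts:
        return ["UserDNPattern is not set"]
    problems = []
    attr, _, value = parts[0].partition("=")
    if value != "{0}":
        problems.append("first RDN must carry the {0} placeholder")
    if attr != props.get("UserNameAttribute", "").lower():
        problems.append("RDN attribute differs from UserNameAttribute")
    # Flat or hierarchical layout: the rest of the pattern must end with the search base.
    if not base or parts[1:][-len(base):] != base:
        problems.append("pattern is not under UserSearchBase")
    return problems

def escape_rdn_value(value):
    """Escape a user name for use as an RDN value (RFC 4514)."""
    out = ["\\" + c if c in ',+"\\<>;' else "\\00" if c == "\x00" else c
           for c in value]
    if out and out[0] in ("#", " "):
        out[0] = "\\" + out[0]
    if len(out) > 1 and out[-1] == " ":
        out[-1] = "\\ "
    return "".join(out)

def build_dn(pattern, username):
    return pattern.replace("{0}", escape_rdn_value(username))

if __name__ == "__main__":
    props = load_props(SAMPLE)
    print(check_dn_pattern(props) or "UserDNPattern is consistent")
    print(build_dn(props["UserDNPattern"], "user0001"))
```

The escaping keeps a user name confined to a single RDN value, so the resulting DN always stays under the configured search base.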
