Ah, then it is because i am using mdb as the database and reach the maxfilesize. Once it is reach the limit index file become corrupt. I think i still need more investigation about this. Thanks for the answer Shawn, will do separate mail for tell about the experiment result.
On Jun 26, 2017 8:05 AM, "Shawn McKinney" <[email protected]> wrote: > > > > On Jun 25, 2017, at 10:34 AM, Yudhi Karunia Surtan < > [email protected]> wrote: > > > > did someone ever tried to use fortress and having ldap entries for > around > > > 10 million entries? > > i'm curious if fortress able to handle so many entries below ou=people. > > honestly, i'm newbie in ldap and did some experiment that AccessMgr will > > get timeout when ou=people filled so many entries. > > i don't think increasing the timeout is the solution, more entries mean > > will also increase the timeout setting later. > > Yudhi, > > I just loaded up 1M users and there are no performance degradations. It > took about 20 minutes to create the users, longer to assign each user 10 > roles. > > No surprise there, LDAP is made for this. Of course the indexes need to > be in place, which if you follow the default setup for OpenLDAP they will > be. > > There is a caveat, fortress supports two way user-role assignments. That > is the role attribute is stored on user object, and the user membership is > on the Role object. The latter is to be compatible with non-rbac > implementations that use traditional group membership lookups for access > control. > > The problem is when group have large numbers of users, i.e. 10’s of > thousands, performance degrades on the edits of those objects. > > Strictly speaking fortress doesn’t need to associate user membership with > roles, for its RBAC controls, so I am going to add a option to disable, > with config switch. Something along the lines of: > role.occupants = false <— disable role-to-user mapping > role.occupants = true <— enable role-to-user mapping > > To load the 1M users: > > https://github.com/apache/directory-fortress-core/blob/ > master/src/test/java/org/apache/directory/fortress/core/samples/ > LoadTestUserSample.java > > This class is still a little rough around the edges, and needs some work, > but if you want to try it let me know and we’ll get it cleaned up. > > Thanks, > Shawn > >
