By: Aleksandar Petkovski user 10 Dec 2018 at 9:03 a.m. CST

10 Responses

Greetings, In our company, we are conducting on a research on how we can use the GLUU capabilities in order to authenticate users from different LDAP sources. Ldap sources in question are big databases with hundred of thousands of people in each sources. For that matter, we choose the GLUU 3.1.4, which has the option of Cache Refresh. I managed to syncronize two different LDAP sources: First: Company Microsoft AD. Number of people: 25000 Second: OpenLDAP server on a virtual machine. Number of people: User defined Syncronization in done every 5 minutes. Our frontend application can use GLUU backend and uses identification with tokens, that GLUU sends back to the front user. From the point of view of the end user, he needs to know only his username and password and GLUU uses it to authenticate, without internally storing the authentication. So far so good. Then, I used only one backend server (the OpenLDAP) because I wanted to test the capacity. I tried then to change the number of users on the backend OpenLDAP server and recorder this data from the /opt/gluu/jetty/identity/logs/oxtrust_cache_refresh.log. ``` 10000 entries - 1 entry updated ______________________________________ 2018-12-10 13:32:52,622 INFO [Thread-252] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:318) - Attempting to load entries from source server 2018-12-10 13:32:53,764 INFO [Thread-252] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:327) - Found '10000' entries in source server 2018-12-10 13:32:53,772 INFO [Thread-252] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:330) - Found '10000' unique entries in source server 2018-12-10 13:32:54,209 INFO [Thread-252] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:379) - Found '1' changed entries 2018-12-10 13:32:54,209 INFO [Thread-252] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:384) - Loaded '0' problem entries from problem file 2018-12-10 13:32:54,242 INFO [Thread-252] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:397) - Updated '1' entries 2018-12-10 13:32:54,242 INFO [Thread-252] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:399) - Failed to update '0' entries 2018-12-10 13:32:54,300 INFO [Thread-252] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:439) - Removed '0' persons from target server 2018-12-10 13:32:54,300 INFO [Thread-252] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:454) - There are '10000' entries before updating inum list 2018-12-10 13:32:54,300 INFO [Thread-252] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:458) - There are '10000' entries after removal '0' entries 2018-12-10 13:32:54,301 INFO [Thread-252] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:462) - There are '10000' entries after adding '0' entries 20000 entries - 1 entry updated ______________________________________ 2018-12-10 14:15:52,618 INFO [Thread-750] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:318) - Attempting to load entries from source server 2018-12-10 14:15:53,663 INFO [Thread-750] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:327) - Found '20000' entries in source server 2018-12-10 14:15:53,686 INFO [Thread-750] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:330) - Found '20000' unique entries in source server 2018-12-10 14:15:54,083 INFO [Thread-750] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:379) - Found '1' changed entries 2018-12-10 14:15:54,084 INFO [Thread-750] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:384) - Loaded '0' problem entries from problem file 2018-12-10 14:15:54,108 INFO [Thread-750] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:397) - Updated '1' entries 2018-12-10 14:15:54,109 INFO [Thread-750] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:399) - Failed to update '0' entries 2018-12-10 14:15:54,455 INFO [Thread-750] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:439) - Removed '0' persons from target server 2018-12-10 14:15:54,455 INFO [Thread-750] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:454) - There are '20000' entries before updating inum list 2018-12-10 14:15:54,455 INFO [Thread-750] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:458) - There are '20000' entries after removal '0' entries 2018-12-10 14:15:54,455 INFO [Thread-750] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:462) - There are '20000' entries after adding '0' entries 50000 entries - 30000 new entries _____________________________________ 2018-12-10 14:19:52,618 INFO [Thread-802] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:318) - Attempting to load entries from source server 2018-12-10 14:19:55,670 INFO [Thread-802] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:327) - Found '50000' entries in source server 2018-12-10 14:19:55,713 INFO [Thread-802] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:330) - Found '50000' unique entries in source server 2018-12-10 14:20:47,636 INFO [Thread-802] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:379) - Found '30000' changed entries 2018-12-10 14:20:47,636 INFO [Thread-802] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:384) - Loaded '0' problem entries from problem file 2018-12-10 14:21:50,416 INFO [Thread-802] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:397) - Updated '30000' entries 50000 entries - 1 entry updated _____________________________________ 2018-12-10 14:27:52,614 INFO [Thread-902] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:318) - Attempting to load entries from source server 2018-12-10 14:27:55,913 INFO [Thread-902] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:327) - Found '50000' entries in source server 2018-12-10 14:27:55,954 INFO [Thread-902] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:330) - Found '50000' unique entries in source server 2018-12-10 14:27:56,965 INFO [Thread-902] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:379) - Found '1' changed entries 2018-12-10 14:27:56,965 INFO [Thread-902] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:384) - Loaded '0' problem entries from problem file 2018-12-10 14:27:56,990 INFO [Thread-902] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:397) - Updated '1' entries 100000 entries - 50000 new entries _____________________________________ 2018-12-10 14:34:52,637 INFO [Thread-983] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:318) - Attempting to load entries from source server 2018-12-10 14:34:59,017 INFO [Thread-983] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:327) - Found '100000' entries in source server 2018-12-10 14:34:59,079 INFO [Thread-983] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:330) - Found '100000' unique entries in source server 2018-12-10 14:36:09,606 INFO [Thread-983] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:379) - Found '50000' changed entries 2018-12-10 14:36:09,606 INFO [Thread-983] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:384) - Loaded '0' problem entries from problem file 2018-12-10 14:37:31,791 INFO [Thread-983] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:397) - Updated '50000' entries 100000 entries - 1 entry updated _____________________________________ 2018-12-10 14:41:52,628 INFO [Thread-1065] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:318) - Attempting to load entries from source server 2018-12-10 14:41:59,081 INFO [Thread-1065] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:327) - Found '100000' entries in source server 2018-12-10 14:41:59,152 INFO [Thread-1065] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:330) - Found '100000' unique entries in source server 2018-12-10 14:42:01,776 INFO [Thread-1065] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:379) - Found '1' changed entries 2018-12-10 14:42:01,776 INFO [Thread-1065] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:384) - Loaded '0' problem entries from problem file 2018-12-10 14:42:01,802 INFO [Thread-1065] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:397) - Updated '1' entries 2018-12-10 14:42:01,802 INFO [Thread-1065] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:399) - Failed to update '0' entries 2018-12-10 14:42:02,047 INFO [Thread-1065] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:439) - Removed '0' persons from target server 2018-12-10 14:42:02,047 INFO [Thread-1065] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:454) - There are '100000' entries before updating inum list 2018-12-10 14:42:02,047 INFO [Thread-1065] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:458) - There are '100000' entries after removal '0' entries 2018-12-10 14:42:02,050 INFO [Thread-1065] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:462) - There are '100000' entries after adding '0' entries 200000 entries - 1 entry updated ____________________________________ 2018-12-10 15:06:52,613 INFO [Thread-1359] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:318) - Attempting to load entries from source server 2018-12-10 15:07:19,427 INFO [Thread-1359] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:327) - Found '200000' entries in source server 2018-12-10 15:07:19,537 INFO [Thread-1359] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:330) - Found '200000' unique entries in source server 2018-12-10 15:07:29,431 INFO [Thread-1359] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:379) - Found '1' changed entries 2018-12-10 15:07:29,431 INFO [Thread-1359] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:384) - Loaded '0' problem entries from problem file 2018-12-10 15:07:29,568 INFO [Thread-1359] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:397) - Updated '1' entries 2018-12-10 15:07:29,569 INFO [Thread-1359] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:399) - Failed to update '0' entries 2018-12-10 15:07:30,813 INFO [Thread-1359] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:439) - Removed '0' persons from target server 2018-12-10 15:07:30,814 INFO [Thread-1359] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:454) - There are '200000' entries before updating inum list 2018-12-10 15:07:30,814 INFO [Thread-1359] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:458) - There are '200000' entries after removal '0' entries 2018-12-10 15:07:30,818 INFO [Thread-1359] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:462) - There are '200000' entries after adding '0' entries ``` As you can see, for larger size of entries in the source server, there is quite a long time of just finding all the entries and also additional time of finding changed entries. For a 200000 big source, that is about 27 seconds for loading and 10 seconds for updating, just for one changed entry (typical case) In the time this update takes place, CPU on GLUU server is loaded 99-100 percent and user that want to use GLUU to authenticate can run into a problem, because of this. As we want our system to be capable of running 24/7 in order to execute transactions, this can be a bottleneck in otherwise effective system for syncronizing authentication. I tried to directly see the one user changed by using the timestamp and found that the answer I get with ldapsearch is withing 1.5 seconds: ``` [root@fedora-int ~/ApacheDirectoryStudio]# time sh test_ldap_modify.sh # extended LDIF # # LDAPv3 # base <ou=Users,ou=Slovenia,dc=snt-ext,dc=com> with scope subtree # filter: (modifyTimestamp>=20181210143600Z) # requesting: modifyTimestamp # # A004998 Bot, Users, Slovenia, snt-ext.com dn: cn=A004998 Bot,ou=Users,ou=Slovenia,dc=snt-ext,dc=com modifyTimestamp: 20181210143629Z # search result search: 2 result: 0 Success # numResponses: 2 # numEntries: 1 real 0m1,578s user 0m0,003s sys 0m0,005s ``` The other problem we found is when we wanted a bigger source (400000 users). We ran into a problem, because of Java heap space. java.lang.OutOfMemoryError: Java heap space GLUU Server was unresponsive after that. What is the correct way to incease this heap space for java to be able to work with 400000 users and more?

CentOS 7.5

closed

By Mohib Zico staff 13 Dec 2018 at 3:11 a.m. CST

Copy

Hi Aleksandar, Two points: - Don't use OpenLDAP; we are still not confident about keeping OpenLDAP bit inside of Gluu server. Use the Gluu compiled OpenDJ bit which is shipped in Gluu Server. - For this amount of users, you need to 'separate' your Gluu-OpenDJ bit from oxAuth Server. That means... your oxAuth+oxTrust+other_bits will be in first VM and 'Gluu-OpenDJ' will be in another VM. So when the Cache Refresh will run, it won't disturb your oxAuth server for resource sharing and all.

By Aleksandar Petkovski user 13 Dec 2018 at 3:30 a.m. CST

Copy

Hello, Mohib, We use OpenDJ, as we are aware of the GLUU planning to discontinue support of the OpenLDAP. OpenLDAP is the backend server, we created, where we can create as many users as we want for test purposes, as it is mentioned already above. Problem here is the time GLUU takes to synchronize that many users from the OpenLDAP to OpenDJ. I beleive, that this is because there is ldapsearch to all entries, because of only the changed entries (let's say that we want to check and update openDJ for only the changed entries, this could for example be done by looking just the parameter "modifyTimestamp"). This is certainly not the case here, as I can see in this printout: ``` 200000 entries - 1 entry updated ____________________________________ 2018-12-10 15:06:52,613 INFO [Thread-1359] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:318) - Attempting to load entries from source server 2018-12-10 15:07:19,427 INFO [Thread-1359] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:327) - Found '200000' entries in source server ``` For the other question, I am not sure what you mean by: > you need to 'separate' your Gluu-OpenDJ bit from oxAuth Server. You mean, problem will be solved with two gluus, each installed on a different VM, in order for each to manage different kind of tasks? Doesn't this just add to complicity on already complicated Cache Refresh part? Do you have a working example on how this works?

By Mohib Zico staff 19 Dec 2018 at 4:06 a.m. CST

Copy

Hi Aleksandar, 'First' Cache Refresh cycle will always take time to sync users in Gluu Server if you have big userbase; LDAP write operation is expensive. But afterwards, it just apply/load/sync changed entries which are there in your backend LDAP server. >> you need to 'separate' your Gluu-OpenDJ bit from oxAuth Server. Gluu Server is by default combination of softwares: oxAuth+oxTrust+Gluu-OpenDJ LDAP+ Apache + Passport etc in one VM, right? What I suggested... you 'extract' that 'Gluu-OpenDJ LDAP' software from above VM and put this bit in separate VM. "oxAuth+oxTrust+Apache+Passport" will 'talk' to that remote 'Gluu-OpenDJ' VM. In above situation, when your Cache Refresh will run... remote VM's full resource will be utilized by Cache Refresh without hampering oxAuth+oxTrust+Passport. We do have customers who are in production with above setup.

By Aleksandar Petkovski user 19 Dec 2018 at 8 a.m. CST

Copy

Hello Mohib, thank you for the answer. I tried to add 100000 to the already present 200000 users, through cache refresh and **tail -f /opt/gluu/jetty/identity/logs/oxtrust_cache_refresh.log** returns ``` 2018-12-19 14:53:27,237 ERROR [Thread-38] [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (CacheRefreshTimer.java:201) - Exception happened while executing cache refresh synchronization **java.lang.OutOfMemoryError: Java heap space** at sun.nio.cs.UTF_8.newDecoder(UTF_8.java:68) ~[?:1.8.0_181] at java.lang.StringCoding$StringDecoder.<init>(StringCoding.java:131) ~[?:1.8.0_181] at java.lang.StringCoding$StringDecoder.<init>(StringCoding.java:122) ~[?:1.8.0_181] at java.lang.StringCoding.decode(StringCoding.java:187) ~[?:1.8.0_181] at java.lang.String.<init>(String.java:426) ~[?:1.8.0_181] at com.unboundid.util.StaticUtils.toUTF8String(StaticUtils.java:386) ~[unboundid-ldapsdk-3.2.0.jar:3.2.0] at com.unboundid.asn1.ASN1OctetString.stringValue(ASN1OctetString.java:430) ~[unboundid-ldapsdk-3.2.0.jar:3.2.0] at com.unboundid.ldap.sdk.Attribute.getValues(Attribute.java:1183) ~[unboundid-ldapsdk-3.2.0.jar:3.2.0] at org.gluu.site.ldap.persistence.LdapEntryManager.getAttributeDataList(LdapEntryManager.java:671) ~[oxcore-ldap-3.1.4.Final.jar:?] at org.gluu.site.ldap.persistence.LdapEntryManager.createEntities(LdapEntryManager.java:580) ~[oxcore-ldap-3.1.4.Final.jar:?] at org.gluu.site.ldap.persistence.LdapEntryManager.findEntries(LdapEntryManager.java:413) ~[oxcore-ldap-3.1.4.Final.jar:?] at org.gluu.site.ldap.persistence.LdapEntryManager.findEntries(LdapEntryManager.java:373) ~[oxcore-ldap-3.1.4.Final.jar:?] at org.gluu.site.ldap.persistence.LdapEntryManager.findEntries(LdapEntryManager.java:369) ~[oxcore-ldap-3.1.4.Final.jar:?] at org.gluu.site.ldap.persistence.LdapEntryManager.findEntries(LdapEntryManager.java:361) ~[oxcore-ldap-3.1.4.Final.jar:?] at org.gluu.oxtrust.ldap.cache.service.CacheRefreshTimer.loadSourceServerEntriesWithoutLimits(CacheRefreshTimer.java:822) ~[classes/:?] at org.gluu.oxtrust.ldap.cache.service.CacheRefreshTimer.detectChangedEntries(CacheRefreshTimer.java:324) ~[classes/:?] at org.gluu.oxtrust.ldap.cache.service.CacheRefreshTimer.processImpl(CacheRefreshTimer.java:285) ~[classes/:?] at org.gluu.oxtrust.ldap.cache.service.CacheRefreshTimer.processInt(CacheRefreshTimer.java:196) [classes/:?] at org.gluu.oxtrust.ldap.cache.service.CacheRefreshTimer$Proxy$_$$_WeldSubclass.processInt(Unknown Source) [classes/:?] at org.gluu.oxtrust.ldap.cache.service.CacheRefreshTimer.process(CacheRefreshTimer.java:179) [classes/:?] at org.gluu.oxtrust.ldap.cache.service.CacheRefreshTimer$Proxy$_$$_WeldSubclass.process$$super(Unknown Source) [classes/:?] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_181] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_181] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_181] at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_181] at org.jboss.weld.interceptor.proxy.TerminalAroundInvokeInvocationContext.proceedInternal(TerminalAroundInvokeInvocationContext.java:51) [weld-core-impl-3.0.5.Final.jar:3.0.5.Final] at org.jboss.weld.interceptor.proxy.AroundInvokeInvocationContext.proceed(AroundInvokeInvocationContext.java:78) [weld-core-impl-3.0.5.Final.jar:3.0.5.Final] at org.xdi.service.cdi.async.AsynchronousInterceptor$1.get(AsynchronousInterceptor.java:36) [oxcore-service-3.1.4.Final.jar:?] at java.util.concurrent.CompletableFuture$AsyncSupply.run(CompletableFuture.java:1590) [?:1.8.0_181] at java.lang.Thread.run(Thread.java:748) [?:1.8.0_181] ``` My question is, where can I increase this Java heap space in Gluu?

By Mohib Zico staff 19 Dec 2018 at 8:08 a.m. CST

Copy

/etc/default/ inside container. You need to play with 'identity' one for CR related Java heap size.

By Aleksandar Petkovski user 21 Dec 2018 at 4:26 a.m. CST

Copy

Hello, Mohib. I did play with identity heap size and made a progress. But, we are restricted by the RAM memory size. So I tried implementing GlUU's Cluster manager to distribute the load between the two servers. It also worked quite good. What I noticed, is that the Cluster Manager now uses a native persistence for cache-ing, instead of Redis, like it was in the previous version of GLUU. There is not much written about Native persistence in [https://gluu.org/docs/ce/admin-guide/oxtrust-ui/] Can you explain what is behind of the native persistence technology? Greetings, Aleksandar

By Mohib Zico staff 21 Dec 2018 at 4:40 a.m. CST

Copy

Hi Aleksandar, Native persistence caching means... your sessions are stored in internal LDAP and shared among Gluu Server nodes through LDAP replication.

By Aleksandar Petkovski user 21 Dec 2018 at 4:45 a.m. CST

Copy

Thank you, Mohib. What do you suggest for the clustering and lessening the load bearing, redis or native persistense?

By Mohib Zico staff 21 Dec 2018 at 4:58 a.m. CST

Copy

Personally I like native because I don't need to go with redis configuration and it has been working great for our mission critical customers who are using cluster-manager for SAML+OpenID connect protocol apps.

By Aleksandar Petkovski user 21 Dec 2018 at 6:23 a.m. CST

Copy

Thank you for your response, Mohib. I'll try to make use of the setup to eventually get to 1 000 000 users distributed on 3 machines. That is our final goal. Best regards, Aleksandar

You need to Login in order to post an answer

Slow update from cache refresh for big source (200000 users)

By: Aleksandar Petkovski user 10 Dec 2018 at 9:03 a.m. CST

Answers

By Mohib Zico staff 13 Dec 2018 at 3:11 a.m. CST

By Aleksandar Petkovski user 13 Dec 2018 at 3:30 a.m. CST

By Mohib Zico staff 19 Dec 2018 at 4:06 a.m. CST

By Aleksandar Petkovski user 19 Dec 2018 at 8 a.m. CST

By Mohib Zico staff 19 Dec 2018 at 8:08 a.m. CST

By Aleksandar Petkovski user 21 Dec 2018 at 4:26 a.m. CST

By Mohib Zico staff 21 Dec 2018 at 4:40 a.m. CST

By Aleksandar Petkovski user 21 Dec 2018 at 4:45 a.m. CST

By Mohib Zico staff 21 Dec 2018 at 4:58 a.m. CST

By Aleksandar Petkovski user 21 Dec 2018 at 6:23 a.m. CST

Post an answer