Do not load all the system user to memory for shared groups
Description
Environment
is related to
Activity
Tom Evans February 7, 2013 at 4:25 PM
Hi Filip -
Yes, we inadvertently dropped support for shared groups in the read-only providers (including LDAP). This has been fixed in the latest nightly build and will be included with 3.8.1.
Refer to https://igniterealtime.atlassian.net/browse/OF-610#icft=OF-610 for more details.
Thanks,
Tom
Filip Valder February 7, 2013 at 12:05 PM
Hi.
After trying to upgrade Openfire 3.7.1 -> 3.8.0, it seems that this performance patch introduced a new bug when using hybrid authentication (MySQL + LDAP/readonly). The users can't see their group co-members anymore. User/group mapping is performed by LDAP whilst group policies are held in MySQL DB (table ofGroupProp); and there are 3 rows for each group like..:
SOME_GROUP_NAME | sharedRoster.showInRoster | onlyGroup |
SOME_GROUP_NAME | sharedRoster.displayName | SOME_GROUP_NAME |
SOME_GROUP_NAME | sharedRoster.groupList |
|
If the group shall not be visible, there's a propValue "nobody" indicating this. This works fine with 3.7.1 even for hundreds of groups although the performance suffers a bit. But is there anything wrong with this philosophy?
Thanks for your advice in advance,
cheers,
Filip Valder
Tom Evans January 5, 2013 at 12:00 AM
Passed basic sniff test (build/deploy) ... marking resolved pending further community feedback/testing.
Tom Evans January 2, 2013 at 8:20 PM
See also https://igniterealtime.atlassian.net/browse/OF-142#icft=OF-142 for roster management concerns related to shared groups and group caching.
Currently, when using public groups we are loading all the system users to memory. Depending on the number of users in the system this may be highly inefficient. We should try replacing the logic and use instead the sessions available at the moment.