Bug 990576

Summary: LDAP Integration needs to handle large numbers of ldap groups better.
Product: [JBoss] JBoss Operations Network Reporter: Simeon Pinder <spinder>
Component: UIAssignee: Simeon Pinder <spinder>
Status: CLOSED CURRENTRELEASE QA Contact: Mike Foley <mfoley>
Severity: high Docs Contact:
Priority: unspecified    
Version: JON 3.2CC: skondkar
Target Milestone: ER01   
Target Release: JON 3.2.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-01-02 20:36:11 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
Screenshot none

Description Simeon Pinder 2013-07-31 13:30:16 UTC 
Description of problem:
After enabling RFC 2696, RHQ needs to be modified to:
- throttle the number of LDAP groups returned to the UI based on a)total number of results parsedb)too many overall page requests made
- give better feedback to the RHQ administrator about how to modify a) and b)
- fail faster/more reliably with useful information

Version-Release number of selected component (if applicable):
3.2.x Alpha builds/master builds

How reproducible:
Always

Steps to Reproduce:
1. Configure RHQ + LDAP integration
2. modify/define and LDAP group filter to return 20k groups.
3. Go to the groups page for a role and attempt to browse the groups available for integration.

Actual results:
i)Slow results and intermittent errors.
ii)Ability for RHQ admin to run with page sizes that are much to small and cause ui perf issues.

Expected results:
- better feedback from the RHQ+LDAP integration that current settings need to be improved
- more graceful failure when query results are simply too large.

Additional info:
See BZ 964250 for more details on this fix.
Comment 1 Sunil Kondkar 2013-08-05 15:03:48 UTC 
Updating the bug for few observations:

Created 20k groups on AD server. Observed that the search for LDAP groups (Ex: Search that returns 20k results - LDAP group with names ldapgroup1 ..ldapgroup20000) is a bit slow.
There is also a browser warning message about unresponsive script if large LDAP groups are assigned to the role. I opened a new bug#993070 for the same.
Comment 2 Simeon Pinder 2013-08-13 21:32:03 UTC 
Given that UI responsiveness issues while viewing available groups can occur during any of the following conditions:

- external ldap server does not support RFC 2696(query paging) but return large result set
- external ldap server does support query paging, but has page size set too small
- poor ldap group filter definition. External LDAP topologies and attributes can legitimately vary and performance issues are hard to spot without feedback.
- poor network performance between the RHQ/JON server and the external LDAP server
- large number of ldap servers, with varying styles and capabilities of supporting ldap group definitions
- etc...  

the fix/enhancement was to give the LDAP Administrator/integrator more interactive and instantaneous feedback about the progress of the LDAP group query and advise them of how they could address the issues.  With this being said the unresponsive script error can still occur.

The fix is applied to master with the following commits:
cccb252d70
993910de84
6d7689daef
2c874481d5

Moving this to MODIFIED for testing in the next build.
Comment 3 Simeon Pinder 2013-09-24 15:31:23 UTC 
Moving this to ON_QA for testing in ER1 and greater brew builds.
Comment 4 Sunil Kondkar 2013-11-11 12:48:38 UTC 
Verified on Version : 3.2.0.ER5 Build Number :	2cb2bc9:225c796

The role assignment UI displays te LDAP groups search query progress and suggestion as in attached screenshot. (Ex: Searched for more than 20000 LDAP groups shows the query progress with attention mark and provides suggestion to modify the group search filter to return fewer than 20000 LDAP groups.

The UI also displays read only LDAP System settings to view the current group search filter and query page size.
Please refer the screenshot.
Comment 5 Sunil Kondkar 2013-11-11 12:50:10 UTC 
Created attachment 822388 [details]
Screenshot
Comment 7 Simeon Pinder 2014-09-04 15:01:24 UTC 
*** Bug 993070 has been marked as a duplicate of this bug. ***