Performance in ownCloud Chapter 1
Formal Metadata
Number of Parts | 22
License | CC Attribution - ShareAlike 3.0 Unported: You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal and non-commercial purpose as long as the work is attributed to the author in the manner specified by the author or licensor and the work or content is shared also in adapted form only under the conditions of this
Identifiers | 10.5446/42781 (DOI)
Transcript: English (auto-generated)
00:12
Hi. My name is Piotr. Today, I would like to talk about performance in ownCloud, and
00:20
the current topic is LDAP, the current opportunities and current challenges with that. And maybe some introduction to LDAP. What is LDAP? LDAP gives you a nice way to administrate your users, groups, and your computers even. You can manage in the centralised place user
00:46
data and you can change the groups dynamically, and the changes will be seen in other systems. So we have two types of LDAP, let's say, like brother and sister, there is OpenLDAP and there is Active Directory. However, let's skip a topic now of single LDAP. Let's talk
01:06
about LDAP for ownCloud, and why ownCloud needs LDAP. Basically, the first reason is that having your ownCloud installation, you don't have to manually insert users into the user interface.
01:23
It will be automatically updated from the system. The other is authentication, so that your user login and password will be automatically downloaded. Not downloaded, but it should be done through LDAP. The other fact is that it's very important also for ownCloud
01:44
that information stored in LDAP is also used in ownCloud like group memberships, quotas, sharing permissions, and other things. Yes, you can read more in the manual about that.
02:01
However, let's go back to this slide. It looks all very easy, but in fact it's not. So let's do maybe another more introduction. So the deeper introduction about the group memberships. This is one of the challenges. So we have two types of group memberships,
02:24
like the most important ones, memberOf and memberUid. So they both answer a simple question. So they ask groups generally if they know to what group belongs to Piotr. So there is group saying, oh, Piotr belongs to zombies. And if you have a memberOf,
02:44
Piotr will also say, oh, I belong to group zombies. But if you have a memberUid, then group knows about Piotr, but Piotr is not aware of the group. So that's a problem here. And another configuration detail is if you have Active Directory, you support memberOf,
03:06
but does that mean that you are using this feature? No. Your group has to be configured as a POSIX group, sorry, as a groupOfNames or kind of this group. And
03:22
POSIX group is linked with memberUid, which is not supporting direct user access to the group membership. So it's also an important thing to remember about this. Yeah. About some details about that. I made a small test. So I created 50,000 users.
03:43
We've been mixed within 2,000 groups, and the creation time on my slow computer, let's say, was one hour, and it takes a space of five gigs. So if I did it with POSIX groups, all the parameters just drop down two times. So there are pluses and minuses of this
04:02
implementation. Okay. Let's go back to ownCloud, maybe. Current LDAP implementation works fine if you don't have many users and you just have a few groups, but if your installation grows bigger and bigger, that causes some problems, especially in synchronizing your data
04:26
from LDAP to your local system. So I pointed out a few points which might be improved. So the most important one is updating groups' memberships. If you don't have memberOf
04:45
support, you actually have to ask every group what user are within that, and then you have to compare it to what you saved locally. Some users also reported things about group mappings,
05:02
and we should also take care about handling deleted LDAP users in ownCloud so that in the user interface you will also have a chance to manually delete users from ownCloud installations because it was deleted also in LDAP.
05:20
There is also a problem in a search algorithm that it is fetching too much data. We should also think about maybe limiting the amount of data which it is fetching per time, and if the user interacts, so scrolls down the list, the next data is being downloaded accordingly.
05:43
Yes, that's a good thing that we are able to reproduce the situation. So in the picture I just included some screenshots from our OpenLDAP. You can just see Zombie Army Zero which contains some Zombie King and OID for Zombie 2000 which
06:02
is Carlos Duncan probably, one of the guys here sitting. To summarise, I have been thinking with all the ownClouders and after discussions maybe what could be improved also. So
06:22
I also discussed that with Thomas, so maybe we could create a unified database for both LDAP and ownCloud users so that it's based on their activity like logging in, sharing with some user and that probably will utilise the space their science.
06:44
Imagine the situation in which you have 50,000 users in LDAP and they are within 10,000 groups but your ownCloud installation in the current state just is using 1,000 users and 20 groups or 100 groups. So you are fetching from your LDAP, your existing LDAP server
07:05
with just excessive calls which are not needed. So maybe we have to rethink which part of ownCloud actually needs what information. This has to be thoroughly discussed.
07:20
We should, and it's already been in progress, that we should more utilise the attributes we have so each ownCloud installation is actually different. Each system administration is allowed to do anything with the LDAP so one LDAP could have just 10 groups but having 1,000 users
07:41
but another LDAP installation could have 10,000 users and 20,000 groups which means that there are some groups that are just empty so you just, if you don't have memberOf support for example, your system is configured like that so it asks every group, even if it's empty,
08:06
about the users there, so it's an excessive call. As I said before, maybe a search mechanism for LDAP specifically, so it will just first not search for the users which are everywhere
08:28
in LDAP. Maybe let's fetch top most active ones which let's say match your query. If they
08:44
should also look more about the LDAP user authentication, if there also are not excessive calls being done, especially now using two-factor authentication, I saw also some user issues about that. Okay, that was a short insight about LDAP. Thank you very much
09:06
and hope you enjoyed the talk.