Reported on 12.0.2, tested on 12.0.4 and 5.1
When creating an OAuth2 client endpoint using a rest call a number of cfgstore searches are triggered, one of which is an unfiltered search, in an environment with a large number of endpoints this can cause large etimes.
- Using an OpenAM instance with an external DJ as config store
- Create an OAuth client using the rest endpoint e.g. for AM5 -
or earlier versions -
- Examine the DJ access log, and see a search similar to -
A search for matching names without using unindexed attribute or broad filter
I understand that it will need to search for matching names so you don't have duplicates but cannot see a reason for this search which when used with large deployments can cause slow creation (for example my screenshot above has 5487 clients and an eTime of 531, the use case given to us for a customer is to create over 100k clients)
The code is kicked when AgentsRepo tries to create a profile and then SMS layer checks the existing config :
SMSEmbeddedLdapObject or SMSLdapObject send search request with objectclass=*
The above code is for embedded, but external configstore code does similar thing using LDAPRequests.newSingleEntrySearchRequest().
We should either :
1. change the filter so it will search for (||(objectclass=sunServiceComponent)(objectclass=sunService))
2. search for RDN value