Uploaded image for project: 'OpenIDM'
  1. OpenIDM
  2. OPENIDM-15878

Displaying a user's roles in the admin UI renders IDM unresponsive with a large overall number of role members

    Details

    • Target Version/s:
    • Support Ticket IDs:

      Description

      This issue is related to OPENIDM-13845 and can be worked around by the same manual modification of ui/admin/default/org/forgerock/commons/ui/common/main/AbstractCollection.js

      However, in this case the impact on IDM is more serious, to the extent that IDM throws LDAP connection errors and eventually stops responding: When navigating to the 'edit user details' view in the admin UI with the _sortKeys parameter present, IDM fetches all members of all relationship collections of the given user, apparently for the purpose of sorting them in memory and displaying the first 50. When the user is a member of several roles each having a large number of members, this sequence of requests takes a long time to complete, during which IDM uses 100% CPU and the UI is not updated to reflect that IDM is busy. This typically prompts the user to click on other tabs or refresh the page, thereby prompting additional requests of the same kind. Depending on the amount of members per role and the available system resources, the UI will eventually pop up "LDAP connection" errors, and IDM can end up in an unresponsive state, requiring a restart (reproduced with 45k users and 4 roles er user with between 8k and 45k members each).

      When the _sortKeys parameter is disabled as described in OPENIDM-13845, IDM does not send requests for all members of the current user's role. See below an edited excerpt of the DS logs:

      With _sortKeys present:

      Get user: 0ms
      {"eventName":"DJ-LDAP","client":{"ip":"127.0.0.1","port":35544},"server":{"ip":"127.0.0.1","port":31389},"request":{"protocol":"LDAP","operation":"SEARCH","connId":17,"msgId":4,
      "dn":"uid=325fa0fa-e488-4f02-b469-95b29810264c,ou=user,ou=managed,dc=openidm,dc=forgerock,dc=com",
      "scope":"base",
      "filter":"(objectClass=*)",
      "attrs":["objectClass","uid","etag","fr-idm-managed-user-json","fr-idm-managed-user-manager"]},
      "transactionId":"ae1c3cce-7e41-4023-8fa4-1ee8ccf5c2c2-3261",
      "response":{"status":"SUCCESSFUL","statusCode":"0","elapsedTime":0,"elapsedTimeUnits":"MILLISECONDS","nentries":1},"timestamp":"2020-12-01T00:18:20.265Z","_id":"ae1c3cce-7e41-4023-8fa4-1ee8ccf5c2c2-3263"}
      
      Get Org relationship: 2ms
      {"eventName":"DJ-LDAP","client":{"ip":"127.0.0.1","port":35546},"server":{"ip":"127.0.0.1","port":31389},"request":{"protocol":"LDAP","operation":"SEARCH","connId":18,"msgId":3,
      "dn":"ou=relationships,dc=openidm,dc=forgerock,dc=com",
      "scope":"one",
      "filter":"(&(|(&(fr-idm-relationship-json:caseIgnoreJsonQueryMatchRelationship:=/firstResourceCollection eq \"managed/user\")(fr-idm-relationship-json:caseIgnoreJsonQueryMatchRelationship:=/firstPropertyName eq \"org\")(fr-idm-relationship-json:caseIgnoreJsonQueryMatchRelationship:=/firstResourceId eq \"325fa0fa-e488-4f02-b469-95b29810264c\"))(&(fr-idm-relationship-json:caseIgnoreJsonQueryMatchRelationship:=/secondResourceCollection eq \"managed/user\")(fr-idm-relationship-json:caseIgnoreJsonQueryMatchRelationship:=/secondPropertyName eq \"org\")(fr-idm-relationship-json:caseIgnoreJsonQueryMatchRelationship:=/secondResourceId eq \"325fa0fa-e488-4f02-b469-95b29810264c\")))(objectClass=uidObject)(objectClass=fr-idm-relationship)(objectClass=top))",
      "attrs":["objectClass","uid","etag","fr-idm-relationship-json"]},"transactionId":"ae1c3cce-7e41-4023-8fa4-1ee8ccf5c2c2-3272",
      "response":{"status":"SUCCESSFUL","statusCode":"0","elapsedTime":2,"elapsedTimeUnits":"MILLISECONDS","nentries":1},"timestamp":"2020-12-01T00:18:20.346Z","_id":"ae1c3cce-7e41-4023-8fa4-1ee8ccf5c2c2-3274"}
      
      Get org details: 1ms
      {"eventName":"DJ-LDAP","client":{"ip":"127.0.0.1","port":35546},"server":{"ip":"127.0.0.1","port":31389},"request":{"protocol":"LDAP","operation":"SEARCH","connId":18,"msgId":4,
      "dn":"uid=orgSA,ou=org,ou=managed,dc=openidm,dc=forgerock,dc=com","scope":"base","filter":"(objectClass=*)",
      "attrs":["objectClass","uid","etag","fr-idm-json"]},"transactionId":"ae1c3cce-7e41-4023-8fa4-1ee8ccf5c2c2-3275",
      "response":{"status":"SUCCESSFUL","statusCode":"0","elapsedTime":1,"elapsedTimeUnits":"MILLISECONDS","nentries":1},"timestamp":"2020-12-01T00:18:20.349Z","_id":"ae1c3cce-7e41-4023-8fa4-1ee8ccf5c2c2-3277"}
      
      Get user's "1.1" (??): 2ms
      {"eventName":"DJ-LDAP","client":{"ip":"127.0.0.1","port":35544},"server":{"ip":"127.0.0.1","port":31389},"request":{"protocol":"LDAP","operation":"SEARCH","connId":17,"msgId":5,
      "dn":"ou=user,ou=managed,dc=openidm,dc=forgerock,dc=com","scope":"one",
      "filter":"(&(objectClass=*)(uid=325fa0fa-e488-4f02-b469-95b29810264c))",
      "attrs":["1.1"]},"transactionId":"ae1c3cce-7e41-4023-8fa4-1ee8ccf5c2c2-3278",
      "response":{"status":"SUCCESSFUL","statusCode":"0","elapsedTime":2,"elapsedTimeUnits":"MILLISECONDS","nentries":1},"timestamp":"2020-12-01T00:18:20.788Z","_id":"ae1c3cce-7e41-4023-8fa4-1ee8ccf5c2c2-3280"}
      
      GEt user details: 3ms
      {"eventName":"DJ-LDAP","client":{"ip":"127.0.0.1","port":35544},"server":{"ip":"127.0.0.1","port":31389},"request":{"protocol":"LDAP","operation":"SEARCH","connId":17,"msgId":6,
      "dn":"ou=user,ou=managed,dc=openidm,dc=forgerock,dc=com","scope":"one",
      "filter":"(&(fr-idm-managed-user-manager:nameAndOptionalJsonEqualityMatchingRule:=uid=325fa0fa-e488-4f02-b469-95b29810264c,ou=user,ou=managed,dc=openidm,dc=forgerock,dc=com)(objectClass=uidObject)(objectClass=fr-idm-managed-user)(objectClass=top))",
      "attrs":["objectClass","uid","etag","fr-idm-managed-user-json","fr-idm-managed-user-roles","fr-idm-managed-user-manager","fr-idm-managed-user-meta","fr-idm-managed-user-notifications","fr-idm-managed-user-authzroles-internal-role"]},"transactionId":"ae1c3cce-7e41-4023-8fa4-1ee8ccf5c2c2-3281",
      "response":{"status":"SUCCESSFUL","statusCode":"0","elapsedTime":3,"elapsedTimeUnits":"MILLISECONDS","nentries":0},"timestamp":"2020-12-01T00:18:20.795Z","_id":"ae1c3cce-7e41-4023-8fa4-1ee8ccf5c2c2-3283"}
      
      
      Get user's roles: 1ms
      {"eventName":"DJ-LDAP","client":{"ip":"127.0.0.1","port":35546},"server":{"ip":"127.0.0.1","port":31389},"request":{"protocol":"LDAP","operation":"SEARCH","connId":18,"msgId":5,
      "dn":"ou=user,ou=managed,dc=openidm,dc=forgerock,dc=com","scope":"one",
      "filter":"(&(objectClass=*)(uid=325fa0fa-e488-4f02-b469-95b29810264c)(fr-idm-managed-user-roles=*))",
      "attrs":["fr-idm-managed-user-roles"]},"transactionId":"ae1c3cce-7e41-4023-8fa4-1ee8ccf5c2c2-3284",
      "response":{"status":"SUCCESSFUL","statusCode":"0","elapsedTime":1,"elapsedTimeUnits":"MILLISECONDS","nentries":1},"timestamp":"2020-12-01T00:18:20.844Z","_id":"ae1c3cce-7e41-4023-8fa4-1ee8ccf5c2c2-3286"}
      
      
      Get details, assignments of role4: 1ms
      {"eventName":"DJ-LDAP","client":{"ip":"127.0.0.1","port":35546},"server":{"ip":"127.0.0.1","port":31389},"request":{"protocol":"LDAP","operation":"SEARCH","connId":18,"msgId":6,
      "dn":"ou=role,ou=managed,dc=openidm,dc=forgerock,dc=com","scope":"one",
      "filter":"(&(|(entryDN=uid=role4,ou=role,ou=managed,dc=openidm,dc=forgerock,dc=com)(entryDN=uid=role0,ou=role,ou=managed,dc=openidm,dc=forgerock,dc=com)(entryDN=uid=role1999,ou=role,ou=managed,dc=openidm,dc=forgerock,dc=com)(entryDN=uid=5d7a3c70-c4b4-4897-a3f7-d7fa35307db7,ou=role,ou=managed,dc=openidm,dc=forgerock,dc=com))(objectClass=uidObject)(objectClass=fr-idm-managed-role)(objectClass=top))",
      "attrs":["objectClass","uid","etag","fr-idm-managed-role-json","fr-idm-managed-role-assignments"]},"transactionId":"ae1c3cce-7e41-4023-8fa4-1ee8ccf5c2c2-3287",
      "response":{"status":"SUCCESSFUL","statusCode":"0","elapsedTime":1,"elapsedTimeUnits":"MILLISECONDS","nentries":4},"timestamp":"2020-12-01T00:18:20.846Z","_id":"ae1c3cce-7e41-4023-8fa4-1ee8ccf5c2c2-3289"}
      
      
      Get all members of role4: 15620ms
      {"eventName":"DJ-LDAP","client":{"ip":"127.0.0.1","port":35546},"server":{"ip":"127.0.0.1","port":31389},"request":{"protocol":"LDAP","operation":"SEARCH","connId":18,"msgId":7,
      "dn":"ou=user,ou=managed,dc=openidm,dc=forgerock,dc=com","scope":"one",
      "filter":"(fr-idm-managed-user-roles:nameAndOptionalJsonEqualityMatchingRule:=uid=role4,ou=role,ou=managed,dc=openidm,dc=forgerock,dc=com)",
      "attrs":["uid","objectClass","etag","fr-idm-managed-user-json","fr-idm-managed-user-roles"]},"transactionId":"ae1c3cce-7e41-4023-8fa4-1ee8ccf5c2c2-3290",
      "response":{"status":"SUCCESSFUL","statusCode":"0","elapsedTime":15620,"elapsedTimeUnits":"MILLISECONDS","additionalItems":{"unindexed":null},"nentries":7787},"timestamp":"2020-12-01T00:18:36.468Z","_id":"ae1c3cce-7e41-4023-8fa4-1ee8ccf5c2c2-3297"}
      
      Get details of role4: 0ms
      {"eventName":"DJ-LDAP","client":{"ip":"127.0.0.1","port":35544},"server":{"ip":"127.0.0.1","port":31389},"request":{"protocol":"LDAP","operation":"SEARCH","connId":17,"msgId":7,
      "dn":"uid=role4,ou=role,ou=managed,dc=openidm,dc=forgerock,dc=com","scope":"base",
      "filter":"(objectClass=*)",
      "attrs":["objectClass","uid","etag","fr-idm-managed-role-json"]},"transactionId":"ae1c3cce-7e41-4023-8fa4-1ee8ccf5c2c2-3298",
      "response":{"status":"SUCCESSFUL","statusCode":"0","elapsedTime":0,"elapsedTimeUnits":"MILLISECONDS","nentries":1},"timestamp":"2020-12-01T00:18:38.514Z","_id":"ae1c3cce-7e41-4023-8fa4-1ee8ccf5c2c2-3300"}
      
      
      Get all 11k members of role 5d7a3c70-c4b4-4897-a3f7-d7fa35307db7:  18064ms
      {"eventName":"DJ-LDAP","client":{"ip":"127.0.0.1","port":35546},"server":{"ip":"127.0.0.1","port":31389},"request":{"protocol":"LDAP","operation":"SEARCH","connId":18,"msgId":10,
      "dn":"ou=user,ou=managed,dc=openidm,dc=forgerock,dc=com","scope":"one",
      "filter":"(fr-idm-managed-user-roles:nameAndOptionalJsonEqualityMatchingRule:=uid=5d7a3c70-c4b4-4897-a3f7-d7fa35307db7,ou=role,ou=managed,dc=openidm,dc=forgerock,dc=com)",
      "attrs":["uid","objectClass","etag","fr-idm-managed-user-json","fr-idm-managed-user-roles"]},"transactionId":"ae1c3cce-7e41-4023-8fa4-1ee8ccf5c2c2-3293",
      "response":{"status":"SUCCESSFUL","statusCode":"0","elapsedTime":18064,"elapsedTimeUnits":"MILLISECONDS","additionalItems":{"unindexed":null},"nentries":11111},"timestamp":"2020-12-01T00:18:38.912Z","_id":"ae1c3cce-7e41-4023-8fa4-1ee8ccf5c2c2-3304"}
      
      Get all 45k members of role0: 27009ms
      {"eventName":"DJ-LDAP","client":{"ip":"127.0.0.1","port":35546},"server":{"ip":"127.0.0.1","port":31389},"request":{"protocol":"LDAP","operation":"SEARCH","connId":18,"msgId":8,
      "dn":"ou=user,ou=managed,dc=openidm,dc=forgerock,dc=com","scope":"one",
      "filter":"(fr-idm-managed-user-roles:nameAndOptionalJsonEqualityMatchingRule:=uid=role0,ou=role,ou=managed,dc=openidm,dc=forgerock,dc=com)",
      "attrs":["uid","objectClass","etag","fr-idm-managed-user-json","fr-idm-managed-user-roles"]},"transactionId":"ae1c3cce-7e41-4023-8fa4-1ee8ccf5c2c2-3291",
      "response":{"status":"SUCCESSFUL","statusCode":"0","elapsedTime":27009,"elapsedTimeUnits":"MILLISECONDS","additionalItems":{"unindexed":null},"nentries":45001},"timestamp":"2020-12-01T00:18:47.857Z","_id":"ae1c3cce-7e41-4023-8fa4-1ee8ccf5c2c2-3308"}
      
      Get all 45k members of role1999: 27185ms 
      {"eventName":"DJ-LDAP","client":{"ip":"127.0.0.1","port":35546},"server":{"ip":"127.0.0.1","port":31389},"request":{"protocol":"LDAP","operation":"SEARCH","connId":18,"msgId":9,
      "dn":"ou=user,ou=managed,dc=openidm,dc=forgerock,dc=com","scope":"one",
      "filter":"(fr-idm-managed-user-roles:nameAndOptionalJsonEqualityMatchingRule:=uid=role1999,ou=role,ou=managed,dc=openidm,dc=forgerock,dc=com)",
      "attrs":["uid","objectClass","etag","fr-idm-managed-user-json","fr-idm-managed-user-roles"]},"transactionId":"ae1c3cce-7e41-4023-8fa4-1ee8ccf5c2c2-3292",
      "response":{"status":"SUCCESSFUL","statusCode":"0","elapsedTime":27185,"elapsedTimeUnits":"MILLISECONDS","additionalItems":{"unindexed":null},"nentries":45001},"timestamp":"2020-12-01T00:18:48.033Z","_id":"ae1c3cce-7e41-4023-8fa4-1ee8ccf5c2c2-3312"}
      
      Get details of role0: 0ms
      {"eventName":"DJ-LDAP","client":{"ip":"127.0.0.1","port":35544},"server":{"ip":"127.0.0.1","port":31389},"request":{"protocol":"LDAP","operation":"SEARCH","connId":17,"msgId":8,
      "dn":"uid=role0,ou=role,ou=managed,dc=openidm,dc=forgerock,dc=com","scope":"base","filter":"(objectClass=*)",
      "attrs":["objectClass","uid","etag","fr-idm-managed-role-json"]},"transactionId":"ae1c3cce-7e41-4023-8fa4-1ee8ccf5c2c2-3313",
      "response":{"status":"SUCCESSFUL","statusCode":"0","elapsedTime":0,"elapsedTimeUnits":"MILLISECONDS","nentries":1},"timestamp":"2020-12-01T00:18:51.376Z","_id":"ae1c3cce-7e41-4023-8fa4-1ee8ccf5c2c2-3315"}
      
      Get details of role1999: 0ms
      {"eventName":"DJ-LDAP","client":{"ip":"127.0.0.1","port":35544},"server":{"ip":"127.0.0.1","port":31389},"request":{"protocol":"LDAP","operation":"SEARCH","connId":17,"msgId":9,
      "dn":"uid=role1999,ou=role,ou=managed,dc=openidm,dc=forgerock,dc=com","scope":"base",
      "filter":"(objectClass=*)",
      "attrs":["objectClass","uid","etag","fr-idm-managed-role-json"]},"transactionId":"ae1c3cce-7e41-4023-8fa4-1ee8ccf5c2c2-3316",
      "response":{"status":"SUCCESSFUL","statusCode":"0","elapsedTime":0,"elapsedTimeUnits":"MILLISECONDS","nentries":1},"timestamp":"2020-12-01T00:18:57.220Z","_id":"ae1c3cce-7e41-4023-8fa4-1ee8ccf5c2c2-3318"}
      
      Get details of role 5d7a3c70-c4b4-4897-a3f7-d7fa35307db7:  1ms
      {"eventName":"DJ-LDAP","client":{"ip":"127.0.0.1","port":35544},"server":{"ip":"127.0.0.1","port":31389},"request":{"protocol":"LDAP","operation":"SEARCH","connId":17,"msgId":10,
      "dn":"uid=5d7a3c70-c4b4-4897-a3f7-d7fa35307db7,ou=role,ou=managed,dc=openidm,dc=forgerock,dc=com","scope":"base",
      "filter":"(objectClass=*)",
      "attrs":["objectClass","uid","etag","fr-idm-managed-role-json"]},"transactionId":"ae1c3cce-7e41-4023-8fa4-1ee8ccf5c2c2-3319",
      "response":{"status":"SUCCESSFUL","statusCode":"0","elapsedTime":1,"elapsedTimeUnits":"MILLISECONDS","nentries":1},"timestamp":"2020-12-01T00:18:58.075Z","_id":"ae1c3cce-7e41-4023-8fa4-1ee8ccf5c2c2-3321"}
      

      With _sortKeys disabled (and looking at a different user, apologies):

      Get list of users: 24ms
      {"eventName":"DJ-LDAP","client":{"ip":"127.0.0.1","port":35548},"server":{"ip":"127.0.0.1","port":31389},"request":{"protocol":"LDAP","operation":"SEARCH","connId":19,"msgId":6,
      "dn":"ou=user,ou=managed,dc=openidm,dc=forgerock,dc=com","scope":"one",
      "filter":"(&(objectClass=uidObject)(objectClass=fr-idm-managed-user)(objectClass=top))",
      "attrs":["objectClass","uid","etag","fr-idm-managed-user-json"]},"transactionId":"ae1c3cce-7e41-4023-8fa4-1ee8ccf5c2c2-3381",
      "response":{"status":"SUCCESSFUL","statusCode":"0","elapsedTime":24,"elapsedTimeUnits":"MILLISECONDS","additionalItems":{"unindexed":null},"nentries":50},"timestamp":"2020-12-01T00:23:30.568Z","_id":"ae1c3cce-7e41-4023-8fa4-1ee8ccf5c2c2-3385"}
      
      Get individual user: 1ms
      {"eventName":"DJ-LDAP","client":{"ip":"127.0.0.1","port":35548},"server":{"ip":"127.0.0.1","port":31389},"request":{"protocol":"LDAP","operation":"SEARCH","connId":19,"msgId":7,
      "dn":"uid=0000c8c7-1c1f-4071-8a12-6d2937fe428c,ou=user,ou=managed,dc=openidm,dc=forgerock,dc=com","scope":"base",
      "filter":"(objectClass=*)",
      "attrs":["objectClass","uid","etag","fr-idm-managed-user-json","fr-idm-managed-user-manager"]},"transactionId":"ae1c3cce-7e41-4023-8fa4-1ee8ccf5c2c2-3386",
      "response":{"status":"SUCCESSFUL","statusCode":"0","elapsedTime":1,"elapsedTimeUnits":"MILLISECONDS","nentries":1},"timestamp":"2020-12-01T00:24:29.226Z","_id":"ae1c3cce-7e41-4023-8fa4-1ee8ccf5c2c2-3388"}
      
      Get this user's "org" relationship: 2ms
      {"eventName":"DJ-LDAP","client":{"ip":"127.0.0.1","port":35550},"server":{"ip":"127.0.0.1","port":31389},"request":{"protocol":"LDAP","operation":"SEARCH","connId":20,"msgId":3,
      "dn":"ou=relationships,dc=openidm,dc=forgerock,dc=com","scope":"one",
      "filter":"(&(|(&(fr-idm-relationship-json:caseIgnoreJsonQueryMatchRelationship:=/firstResourceCollection eq \"managed/user\")(fr-idm-relationship-json:caseIgnoreJsonQueryMatchRelationship:=/firstPropertyName eq \"org\")(fr-idm-relationship-json:caseIgnoreJsonQueryMatchRelationship:=/firstResourceId eq \"0000c8c7-1c1f-4071-8a12-6d2937fe428c\"))(&(fr-idm-relationship-json:caseIgnoreJsonQueryMatchRelationship:=/secondResourceCollection eq \"managed/user\")(fr-idm-relationship-json:caseIgnoreJsonQueryMatchRelationship:=/secondResourceId eq \"0000c8c7-1c1f-4071-8a12-6d2937fe428c\")(fr-idm-relationship-json:caseIgnoreJsonQueryMatchRelationship:=/secondPropertyName eq \"org\")))(objectClass=uidObject)(objectClass=fr-idm-relationship)(objectClass=top))",
      "attrs":["objectClass","uid","etag","fr-idm-relationship-json"]},"transactionId":"ae1c3cce-7e41-4023-8fa4-1ee8ccf5c2c2-3397",
      "response":{"status":"SUCCESSFUL","statusCode":"0","elapsedTime":2,"elapsedTimeUnits":"MILLISECONDS","nentries":1},"timestamp":"2020-12-01T00:24:29.285Z","_id":"ae1c3cce-7e41-4023-8fa4-1ee8ccf5c2c2-3399"}
      
      Get org details: 1ms
      {"eventName":"DJ-LDAP","client":{"ip":"127.0.0.1","port":35550},"server":{"ip":"127.0.0.1","port":31389},"request":{"protocol":"LDAP","operation":"SEARCH","connId":20,"msgId":4,
      "dn":"uid=orgSN,ou=org,ou=managed,dc=openidm,dc=forgerock,dc=com","scope":"base","filter":"(objectClass=*)",
      "attrs":["objectClass","uid","etag","fr-idm-json"]},"transactionId":"ae1c3cce-7e41-4023-8fa4-1ee8ccf5c2c2-3400",
      "response":{"status":"SUCCESSFUL","statusCode":"0","elapsedTime":1,"elapsedTimeUnits":"MILLISECONDS","nentries":1},"timestamp":"2020-12-01T00:24:29.288Z","_id":"ae1c3cce-7e41-4023-8fa4-1ee8ccf5c2c2-3402"}
      
      Get user details: 0ms
      {"eventName":"DJ-LDAP","client":{"ip":"127.0.0.1","port":35548},"server":{"ip":"127.0.0.1","port":31389},"request":{"protocol":"LDAP","operation":"SEARCH","connId":19,"msgId":8,
      "dn":"uid=0000c8c7-1c1f-4071-8a12-6d2937fe428c,ou=user,ou=managed,dc=openidm,dc=forgerock,dc=com","scope":"base",
      "filter":"(objectClass=*)",
      "attrs":["objectClass","uid","etag","fr-idm-managed-user-json"]},"transactionId":"ae1c3cce-7e41-4023-8fa4-1ee8ccf5c2c2-3403",
      "response":{"status":"SUCCESSFUL","statusCode":"0","elapsedTime":0,"elapsedTimeUnits":"MILLISECONDS","nentries":1},"timestamp":"2020-12-01T00:24:30.004Z","_id":"ae1c3cce-7e41-4023-8fa4-1ee8ccf5c2c2-3405"}
      
      Get links: 0ms
      {"eventName":"DJ-LDAP","client":{"ip":"127.0.0.1","port":35550},"server":{"ip":"127.0.0.1","port":31389},"request":{"protocol":"LDAP","operation":"SEARCH","connId":20,"msgId":5,
      "dn":"ou=links,dc=openidm,dc=forgerock,dc=com","scope":"one",
      "filter":"(&(|(fr-idm-link-firstId=0000c8c7-1c1f-4071-8a12-6d2937fe428c)(fr-idm-link-secondId=0000c8c7-1c1f-4071-8a12-6d2937fe428c))(objectClass=uidObject)(objectClass=fr-idm-link)(objectClass=top))",
      "attrs":["objectClass","uid","etag","fr-idm-link-type","fr-idm-link-qualifier","fr-idm-link-firstId","fr-idm-link-secondId","fr-idm-link-firstid-constraint","fr-idm-link-secondid-constraint"]},"transactionId":"ae1c3cce-7e41-4023-8fa4-1ee8ccf5c2c2-3406",
      "response":{"status":"SUCCESSFUL","statusCode":"0","elapsedTime":0,"elapsedTimeUnits":"MILLISECONDS","nentries":0},"timestamp":"2020-12-01T00:24:30.009Z","_id":"ae1c3cce-7e41-4023-8fa4-1ee8ccf5c2c2-3408"}
      
      Get user's reports: 1ms
      {"eventName":"DJ-LDAP","client":{"ip":"127.0.0.1","port":35548},"server":{"ip":"127.0.0.1","port":31389},"request":{"protocol":"LDAP","operation":"SEARCH","connId":19,"msgId":9,
      "dn":"ou=relationships,dc=openidm,dc=forgerock,dc=com","scope":"one",
      "filter":"(&(|(&(fr-idm-relationship-json:caseIgnoreJsonQueryMatchRelationship:=/firstResourceCollection eq \"managed/user\")(fr-idm-relationship-json:caseIgnoreJsonQueryMatchRelationship:=/firstPropertyName eq \"reports\")(fr-idm-relationship-json:caseIgnoreJsonQueryMatchRelationship:=/firstResourceId eq \"0000c8c7-1c1f-4071-8a12-6d2937fe428c\"))(&(fr-idm-relationship-json:caseIgnoreJsonQueryMatchRelationship:=/secondResourceCollection eq \"managed/user\")(fr-idm-relationship-json:caseIgnoreJsonQueryMatchRelationship:=/secondResourceId eq \"0000c8c7-1c1f-4071-8a12-6d2937fe428c\")(fr-idm-relationship-json:caseIgnoreJsonQueryMatchRelationship:=/secondPropertyName eq \"reports\")))(objectClass=uidObject)(objectClass=fr-idm-relationship)(objectClass=top))",
      "attrs":["objectClass","uid","etag","fr-idm-relationship-json"]},"transactionId":"ae1c3cce-7e41-4023-8fa4-1ee8ccf5c2c2-3409",
      "response":{"status":"SUCCESSFUL","statusCode":"0","elapsedTime":1,"elapsedTimeUnits":"MILLISECONDS","nentries":0},"timestamp":"2020-12-01T00:24:30.201Z","_id":"ae1c3cce-7e41-4023-8fa4-1ee8ccf5c2c2-3411"}
      
      Get user's roles: 1ms
      {"eventName":"DJ-LDAP","client":{"ip":"127.0.0.1","port":35550},"server":{"ip":"127.0.0.1","port":31389},"request":{"protocol":"LDAP","operation":"SEARCH","connId":20,"msgId":6,
      "dn":"ou=relationships,dc=openidm,dc=forgerock,dc=com","scope":"one","filter":"(&(|(&(fr-idm-relationship-json:caseIgnoreJsonQueryMatchRelationship:=/firstResourceCollection eq \"managed/user\")(fr-idm-relationship-json:caseIgnoreJsonQueryMatchRelationship:=/firstPropertyName eq \"roles\")(fr-idm-relationship-json:caseIgnoreJsonQueryMatchRelationship:=/firstResourceId eq \"0000c8c7-1c1f-4071-8a12-6d2937fe428c\"))(&(fr-idm-relationship-json:caseIgnoreJsonQueryMatchRelationship:=/secondResourceCollection eq \"managed/user\")(fr-idm-relationship-json:caseIgnoreJsonQueryMatchRelationship:=/secondResourceId eq \"0000c8c7-1c1f-4071-8a12-6d2937fe428c\")(fr-idm-relationship-json:caseIgnoreJsonQueryMatchRelationship:=/secondPropertyName eq \"roles\")))(objectClass=uidObject)(objectClass=fr-idm-relationship)(objectClass=top))",
      "attrs":["objectClass","uid","etag","fr-idm-relationship-json"]},"transactionId":"ae1c3cce-7e41-4023-8fa4-1ee8ccf5c2c2-3412",
      "response":{"status":"SUCCESSFUL","statusCode":"0","elapsedTime":1,"elapsedTimeUnits":"MILLISECONDS","nentries":3},"timestamp":"2020-12-01T00:24:30.262Z","_id":"ae1c3cce-7e41-4023-8fa4-1ee8ccf5c2c2-3414"}
      
      Get role2 details: 0ms
      {"eventName":"DJ-LDAP","client":{"ip":"127.0.0.1","port":35548},"server":{"ip":"127.0.0.1","port":31389},"request":{"protocol":"LDAP","operation":"SEARCH","connId":19,"msgId":10,
      "dn":"uid=role2,ou=role,ou=managed,dc=openidm,dc=forgerock,dc=com","scope":"base","filter":"(objectClass=*)",
      "attrs":["objectClass","uid","etag","fr-idm-managed-role-json"]},"transactionId":"ae1c3cce-7e41-4023-8fa4-1ee8ccf5c2c2-3415",
      "response":{"status":"SUCCESSFUL","statusCode":"0","elapsedTime":0,"elapsedTimeUnits":"MILLISECONDS","nentries":1},"timestamp":"2020-12-01T00:24:30.264Z","_id":"ae1c3cce-7e41-4023-8fa4-1ee8ccf5c2c2-3417"}
      
      Get role0 details: 0ms
      {"eventName":"DJ-LDAP","client":{"ip":"127.0.0.1","port":35548},"server":{"ip":"127.0.0.1","port":31389},"request":{"protocol":"LDAP","operation":"SEARCH","connId":19,"msgId":11,
      "dn":"uid=role0,ou=role,ou=managed,dc=openidm,dc=forgerock,dc=com","scope":"base",
      "filter":"(objectClass=*)",
      "attrs":["objectClass","uid","etag","fr-idm-managed-role-json"]},"transactionId":"ae1c3cce-7e41-4023-8fa4-1ee8ccf5c2c2-3418",
      "response":{"status":"SUCCESSFUL","statusCode":"0","elapsedTime":0,"elapsedTimeUnits":"MILLISECONDS","nentries":1},"timestamp":"2020-12-01T00:24:30.267Z","_id":"ae1c3cce-7e41-4023-8fa4-1ee8ccf5c2c2-3420"}
      
      Get role1999 details: 4ms
      {"eventName":"DJ-LDAP","client":{"ip":"127.0.0.1","port":35548},"server":{"ip":"127.0.0.1","port":31389},"request":{"protocol":"LDAP","operation":"SEARCH","connId":19,"msgId":12,
      "dn":"uid=role1999,ou=role,ou=managed,dc=openidm,dc=forgerock,dc=com","scope":"base",
      "filter":"(objectClass=*)",
      "attrs":["objectClass","uid","etag","fr-idm-managed-role-json"]},"transactionId":"ae1c3cce-7e41-4023-8fa4-1ee8ccf5c2c2-3421",
      "response":{"status":"SUCCESSFUL","statusCode":"0","elapsedTime":4,"elapsedTimeUnits":"MILLISECONDS","nentries":1},"timestamp":"2020-12-01T00:24:30.274Z","_id":"ae1c3cce-7e41-4023-8fa4-1ee8ccf5c2c2-3423"}
      
      Get user's authRoles: 0ms
      {"eventName":"DJ-LDAP","client":{"ip":"127.0.0.1","port":35548},"server":{"ip":"127.0.0.1","port":31389},"request":{"protocol":"LDAP","operation":"SEARCH","connId":19,"msgId":13,
      "dn":"ou=relationships,dc=openidm,dc=forgerock,dc=com","scope":"one",
      "filter":"(&(|(&(fr-idm-relationship-json:caseIgnoreJsonQueryMatchRelationship:=/secondResourceCollection eq \"managed/user\")(fr-idm-relationship-json:caseIgnoreJsonQueryMatchRelationship:=/secondPropertyName eq \"authzRoles\")(fr-idm-relationship-json:caseIgnoreJsonQueryMatchRelationship:=/secondResourceId eq \"0000c8c7-1c1f-4071-8a12-6d2937fe428c\"))(&(fr-idm-relationship-json:caseIgnoreJsonQueryMatchRelationship:=/firstResourceCollection eq \"managed/user\")(fr-idm-relationship-json:caseIgnoreJsonQueryMatchRelationship:=/firstPropertyName eq \"authzRoles\")(fr-idm-relationship-json:caseIgnoreJsonQueryMatchRelationship:=/firstResourceId eq \"0000c8c7-1c1f-4071-8a12-6d2937fe428c\")))(objectClass=uidObject)(objectClass=fr-idm-relationship)(objectClass=top))",
      "attrs":["objectClass","uid","etag","fr-idm-relationship-json"]},"transactionId":"ae1c3cce-7e41-4023-8fa4-1ee8ccf5c2c2-3424",
      "response":{"status":"SUCCESSFUL","statusCode":"0","elapsedTime":2,"elapsedTimeUnits":"MILLISECONDS","nentries":1},"timestamp":"2020-12-01T00:24:30.293Z","_id":"ae1c3cce-7e41-4023-8fa4-1ee8ccf5c2c2-3426"}
      {"eventName":"DJ-LDAP","client":{"ip":"127.0.0.1","port":35550},"server":{"ip":"127.0.0.1","port":31389},"request":{"protocol":"LDAP","operation":"SEARCH","connId":20,"msgId":7,"dn":"cn=openidm-authorized,ou=roles,ou=internal,dc=openidm,dc=forgerock,dc=com","scope":"base","filter":"(objectClass=*)","attrs":["objectClass","cn","etag","fr-idm-privilege","fr-idm-condition","fr-idm-name","description","fr-idm-temporal-constraints"]},"transactionId":"ae1c3cce-7e41-4023-8fa4-1ee8ccf5c2c2-3427",
      "response":{"status":"SUCCESSFUL","statusCode":"0","elapsedTime":0,"elapsedTimeUnits":"MILLISECONDS","nentries":1},"timestamp":"2020-12-01T00:24:30.295Z","_id":"ae1c3cce-7e41-4023-8fa4-1ee8ccf5c2c2-3429"}
      

       Note that the above queries are sent up front when bringing up the edit user view, not when navigating to the corresponding tabs.

      When links exist for this user, the related connector is tested in addition, adding to the overhead.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                dhogan Dirk Hogan
                Reporter:
                tim.vogt Tim Vogt
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated: