Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-23737

Improve handling of expired LDAP cache entries under high load

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: New
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 2.14.13, 3.22.1
    • Fix Version/s: None
    • Component/s: LDAP
    • Notability:
      3

      Description

      When the cached LDAP information expires Nexus Repo will make a query to the LDAP server to retrieve that user's LDAP groups.  If there are large numbers of requests coming into Nexus Repo for that user at the time this happens it will result in multiple, concurrent requests to the LDAP server to retreive the user's LDAP groups, all of which are making the exact same query.

      This can overwhelm some LDAP servers, leading to authentication failures. In some cases all the threads available to the NXRM process will be consumed, resulting in NXRM instability and un-responsiveness.

      We should consider adding a queuing mechanism to the LDAP code.  Identical requests that trigger cache repopulation should queue up and wait if there is already another request running to retreive this information.

        Attachments

          Activity

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            rseddon Rich Seddon
            Last Updated By:
            Rich Seddon Rich Seddon
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Dates

              Created:
              Updated:
              Date of First Response:

                tigCommentSecurity.panel-title