[Building Sakai] Cleanup deleted users in site realms Was: Unresponsive jvm .. any suggestions?
Sam Ottenhoff
ottenhoff at longsight.com
Thu May 8 04:04:24 PDT 2014
There is new functionality in Sakai 10 to optionally present the orphaned
users to admin users or to the site maintainers for removal:
https://jira.sakaiproject.org/browse/SAK-21336
Removing users automatically would need to be fairly conservative, but
yeah, I agree, if we can't find the users' in the external user provider
after a few days of trying, they should probably be removed.
On Wed, May 7, 2014 at 7:05 PM, Steve Swinsburg
<steve.swinsburg at gmail.com>wrote:
> I've been thinking for some time that we need a way to clean out realms
> that have users in them but those users have been deleted. If a user drops
> off the system but is still in a site their uuid is left orphaned. This
> causes a lot of unnecessary work in trying to find the users and then just
> ignoring them.
>
> How about a quartz job to verify the users in the sites, removing orphaned
> users as necessary?
>
> Cheers
> Steve
>
> sent from my mobile device
> On 08/05/2014 4:19 AM, "Sam Ottenhoff" <ottenhoff at longsight.com> wrote:
>
>> Yes, it seems like the JVM is running out of memory, but we just
>>> configured JMX on one of app servers last night so we hope to get a
>>> definitive sense of things then.
>>>
>>
>>
>> If the JVM is running out of memory, the LDAP errors may be an effect of
>> Tomcat not having any spare resources instead of a cause of your issues.
>>
>>
>>
>>>
>>> We don't have that memory.org.sakaiproject.user.api.UserDirectoryService.callCache
>>> configured in sakai.properties so we'll enable that.
>>>
>>
>>
>> That line in sakai.properties will just modify the default cache
>> settings. The default cache is setup to hold user information for 5
>> minutes only.
>>
>>
>>>
>>> Users that no longer exist on the LDAP server (I think they've been
>>> de-provisioned, but are still in a 1000(s)+ user orientation course for new
>>> students).
>>>
>>> Could a large volume of this type of transaction generate that error?
>>>
>>
>> I doubt it. But regardless, because Sakai only caches users it finds,
>> the de-provisioned users are slowing down page accesses. So if you have
>> 1000 users in a site, and 100 of those users are no longer in LDAP, Sakai
>> will cache the 900 users it finds in LDAP but will not cache anything about
>> the 100 users it does not find in LDAP. This means that every time Sakai
>> needs the full roster (gradebook, roster, site info), it will re-query the
>> LDAP server for those 100 users.
>>
>> In Sakai 2.9, the JLDAP code was improved so that the getUsers() call
>> makes one query to LDAP instead of individual queries for each user. In
>> Sakai 10, the site-manage code was improved so that admin users can remove
>> orphaned/de-provisioned users from sites.
>>
>> --Sam
>>
>> _______________________________________________
>> sakai-dev mailing list
>> sakai-dev at collab.sakaiproject.org
>> http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
>>
>> TO UNSUBSCRIBE: send email to
>> sakai-dev-unsubscribe at collab.sakaiproject.org with a subject of
>> "unsubscribe"
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://collab.sakaiproject.org/pipermail/sakai-dev/attachments/20140508/f47f3f79/attachment.html
More information about the sakai-dev
mailing list