Skip to content

Improve memory usage of DnRoleMapper #34237

New issue
New issue
Closed
Closed
Improve memory usage of DnRoleMapper#34237
Assignees
jaymode
Labels
:Security/AuthenticationLogging in, Usernames/passwords, Realms (Native/LDAP/AD/SAML/PKI/etc)
@jaymode

Description

@jaymode
jaymode
opened on Oct 2, 2018

The DnRoleMapper class is used to map distinguished names of groups and users to role names. This mapper builds in an internal map that maps from a com.unboundid.ldap.sdk.DN to a Set<String>. In cases where a lot of distinct DNs are mapped to roles, this can consume quite a bit of memory; in one case a single DnRoleMapper was found to consume over 1GB of heap space.

The majority of the memory is consumed by the DN object. A 94 character DN that has 9 relative DNs (RDN) will retain 4KB of memory. The majority of this memory comes from building objects for the relative dns and retaining those which includes their ASN1 representation.

We should look and see if we can optimize the memory usage of this class so that heap space can be better utilized.

Metadata

Metadata

Assignees

Labels

:Security/AuthenticationLogging in, Usernames/passwords, Realms (Native/LDAP/AD/SAML/PKI/etc)

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions