[GAP] Update

Waldbieser, Carl waldbiec at lafayette.edu
Thu Nov 13 11:03:31 EST 2014 

Michael,

Is there an architectural diagram of GAP somewhere?
I was wondering if GAP is farming out group updates to multiple LDAP-updaters.
At Lafayette, account memberships and group members must be kept in sync in application logic (our OpenLDAP directory service does not synchronize these values).  So I was also wondering if the components of GAP that update LDAP can distribute the tasks for updating group members and updating account memberships to separate workers?

Thanks,
Carl Waldbieser
ITS System Programmer
Lafayette College

----- Original Message -----
From: "Michael R. Gettes" <gettes at cmu.edu>
To: identity-services-gap at lists.andrew.cmu.edu
Sent: Thursday, November 13, 2014 10:31:34 AM
Subject: [GAP] Update

Hi All,

I am hoping Rahul will be providing updates from this point forward.  

Based on discussions at TechX, CMU will continue to develop GAP as the grouper devs will be providing a basic capability within grouper so there will still be a need for something to provide efficient and fast LDAP provisioning (and possibly other provisioning capabilities).  Keep in mind while we have been concentrating on LDAP and AD, GAP could be extended to other capabilities if it is an appropriate mechanism to do so.  We already have about 10 institutions on this mailing list.  We do hope GAP is useful to others as we don’t want this to be a CMU only piece of software.

Rahul is concentrating on getting grouper 2.2.1 out the door but has a working prototype for batching of large changes to static group objects.  Essentially, we are doing a read-ahead into the AMQ queue and applying up to 1000 adds or deletes in a single LDAP modify.  Initial testing gets group creation or deletion down to around 3-4 min for a group of 25,000.  Keep in mind GAP already does periodic bulk updates and this change is to make normal incremental operations to static group objects even faster.  At this time, we don’t think there is much we can do to speed up isMemberOf operations.  We are getting more comfortable with the idea of sites like PSU and Indiana being able to use this successfully.  Our concern is we have made this work for CMU and code changes may be needed to be more flexible for different types of operating scenarios and DITs and so on.  So, the more who work on it, the better it will be for all.

It was great seeing folks at TechX.

/mrg

_______________________________________________
Identity-services-gap mailing list
Identity-services-gap at lists.andrew.cmu.edu
https://lists.andrew.cmu.edu/mailman/listinfo/identity-services-gap

More information about the Identity-services-gap mailing list