feat: locally cache frequently requested LDAP mapping data #54429
Conversation
blizzz
force-pushed
the
feat/noid/cache-ldap-mapping
branch
3 times, most recently
from
29d5976 to
4e03364
Compare
come-nc
left a comment
come-nc
left a comment
There was a problem hiding this comment.
I tend to be a bit scared about this kind of things, we cache stuff from LDAP to DB to avoid too many LDAP queries, and then we cache stuff from DB to Cache to avoid DB queries.
Why local cache and not distributed? Is it because the cache is local that there is the FIXME about broadcasting?
Why the limit to 2000 by default, what is the risk of putting too much lines in Cache? 1MiB does not sound like that much.
| /** @var array caches Names (value) by DN (key) */ | ||
| protected $cache = []; | ||
| protected function initLocalCache(): void { | ||
| if ($this->isCLI || !$this->cacheFactory->isLocalCacheAvailable()) { |
There was a problem hiding this comment.
For APCu does not have a shared cache. There is no benefit over the runtime cache that was already present.
| return; | ||
| } | ||
|
|
||
| $section = \str_contains($this->getTableName(), 'user') ? 'u/' : 'g/'; |
There was a problem hiding this comment.
| $section = \str_contains($this->getTableName(), 'user') ? 'u/' : 'g/'; | |
| $section = $this->getTableName(); |
Why make it more complicated than this?
There was a problem hiding this comment.
Why make it more complicated than this?
It is shorter and thus may save allocation of bytes in APCU.
It showed that 5% of our queries are just those lookups. UPDATE looking at current data it is 7% of all queries that are
Local cache is faster, and does not require any networking. There is also no global state here, but data that barely changes (and for that we have logic already).
When APCu overflows, then the entire cache is flushed, which then is quite expensive across the whole instance. |
blizzz
force-pushed
the
feat/noid/cache-ldap-mapping
branch
from
4e03364 to
7d99e6e
Compare
|
/backport to stable32 |
blizzz
force-pushed
the
feat/noid/cache-ldap-mapping
branch
from
7d99e6e to
8fc543b
Compare
blizzz
added
3. to review
This comment was marked as resolved.
This comment was marked as resolved.
blizzz
force-pushed
the
feat/noid/cache-ldap-mapping
branch
from
8fc543b to
d91ce32
Compare
artonge
left a comment
artonge
left a comment
There was a problem hiding this comment.
Looks good to me besides nitpick
Does it mean that admin would need to flush the cache if they change one user's display name? If so, we'll need to update the documentation.
| return; | ||
| } | ||
|
|
||
| $useLocalCache = $this->config->getValueString('user_ldap', 'use_local_mapping_cache', 'auto', false); |
There was a problem hiding this comment.
Register it in the Lexicon?
There was a problem hiding this comment.
👍 I'll check. I saw lexicon flying by, but don't really know what it does yet.
There was a problem hiding this comment.
From a first glance, I suppose Lexicon support would be a follow-PR as we have other switches as well.
No, this is unrelated to the display name. It only stores DNs to a userid, or false if there is none (e.g. local users are thrown against this through the user abstraction layer on userExists calls). |
This comment was marked as resolved.
This comment was marked as resolved.
blizzz
force-pushed
the
feat/noid/cache-ldap-mapping
branch
2 times, most recently
from
b3483f0 to
81e7d06
Compare
This comment was marked as resolved.
This comment was marked as resolved.
Signed-off-by: Arthur Schiwon <[email protected]>
- has the advantage that queries will be reported in the query.log when configured Signed-off-by: Arthur Schiwon <[email protected]>
blizzz
force-pushed
the
feat/noid/cache-ldap-mapping
branch
from
81e7d06 to
49f1c3f
Compare
|
blizzz
added
3. to review
Summary
We save that looking up DN by user/group ID is taking up to 5% of all database queries. Albeit they are simple and do not transfer much data, it is still worthwhile to reduce them, since this data barely ever changes.
Checklist