In our project we are using Microsoft AD as our security system. Our access policy is that anyone working in our company is allowed to access our Ivy application.

Our problem now is that daily user synchronization and user filtering in our code is quite slow as we have over 50'000 possible users to synchronize, even though our application is only used by a couple of thousand users.

Is it possible to 'lazy load' users, only adding users to our Ivy system database on first usage / login? And not on first synchronization with our AD system? But still updating users that have been changed in AD during synchronization?

asked 29.04.2019 at 09:53

SupportIvyTeam's gravatar image

SupportIvyTeam ♦♦
1.4k102118122
accept rate: 77%

edited 01.05.2019 at 01:57


This depends on the version you are using. We added support for this use case with LTS version 7.0.12 and LE version 7.4.

You can change the default behavior by specifying the following properties:

LTS version 7.0.12 and later:

Add the additional system property -Dch.ivyteam.ivy.security.internal.jndi.import.ondemand=true to ivy.vm.additional.options in your Engine .ilc file. This property defines the default behavior of the engine.

If you want to override the default behavior for a specific application, you need to add an additional system property -Dch.ivyteam.ivy.security.internal.jndi.import.ondemand.[app_name]=[true | false] in your .ilc file.

LE Version 7.4 and later:

Add the following properties to the configuration of your security system (see [engineDir]/configuration/defaults/ivy.securitysystem.yaml)

Import:
  # Should users be imported on demand or by the synchronizing job.
  # If OnDemand is set to: 
  # true:  then users are not imported by the synchronization job.
  #        Instead, a user is imported the first time she logs in. 
  # false: then users are imported by the user synchronizing job.
  #        If a user was not yet imported by the user synchronization job she is also
  #        imported the first time she logs in.
  OnDemand: true

Note: While in 7.0.12+ the system property ch.ivyteam.ivy.security.internal.jndi.import.ondemand defines the default behavior for all security systems on an engine, in 7.4+ the default behavior cannot be changed and is always false.

link

answered 29.04.2019 at 10:00

Andreas%20Rusch's gravatar image

Andreas Rusch
441145
accept rate: 92%

edited 16.05.2019 at 04:28

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "Title")
  • image?![alt text](/path/img.jpg "Title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Tags:

×19
×16

Asked: 29.04.2019 at 09:53

Seen: 1,890 times

Last updated: 16.05.2019 at 04:28