User Federation (LDAP) - Listing users is very slow


Duarte Rocha

Nov 8, 2021, 5:16:32 PM
to Keycloak User
I'm testing integrating LDAP with Keycloak's latest version (15). I noticed that everything works as expected, except that listing, searching and other user operations are very slow. Each operation will trigger several LDAP queries that make this process slow. When listing users, it will trigger an LDAP query for each user being listed. Is this expected behavior?

I'm using LDAPS and the server is located in the cloud. Each LDAP query is not that slow; at least from the logs, it shows as taking ~300ms.

Am I missing some obvious step? I have connection pooling on. Here is a query example from the Users - View all (I get one of these for each user on the table):

14:10:39,724 DEBUG [org.keycloak.storage.ldap.idm.store.ldap.LDAPContextManager] (default task-2) Creating LdapContext using properties:
  [{java.naming.ldap.factory.socket=org.keycloak.truststore.SSLSocketFactory, java.naming.security.authentication=simple,
    java.naming.provider.url=ldaps://company.ldap.okta.com:636,
    com.sun.jndi.ldap.connect.pool=true,
    java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory,
    java.naming.security.credentials=**************************************,
    java.naming.security.principal=uid=us...@company.com,dc=company,dc=okta,dc=com}]
14:10:41,511 DEBUG [org.keycloak.storage.ldap.idm.store.ldap.LDAPOperationManager.perf] (default task-2)
LdapOperation: search
 baseDn: ou=users,dc=company,dc=okta,dc=com
 filter: (&(&(organizationalStatus=ACTIVE)(memberOf=cn=Keycloak,ou=groups,dc=company,dc=okta,dc=com))(uid=user)(objectclass=inetOrgPerson)(objectclass=organizationalPerson))
 searchScope: 1
 returningAttrs: [uid, modifyTimestamp, givenName, sn, mail, createTimestamp]
 resultSize: 0
took: 280 ms
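
Added example, not part of the original post and not Keycloak code: a Python script that groups `LDAPOperationManager.perf` search entries by filter shape, to confirm a one-search-per-user pattern in a debug log and total its cost. It assumes the entry layout quoted above; the function names are hypothetical and the sample entries (user names, timings, shortened filter) are constructed.

```python
import re
from collections import defaultdict

# Constructed sample (made-up users and timings) in the post's perf-entry layout.
ENTRY = (
    "14:10:41,511 DEBUG [org.keycloak.storage.ldap.idm.store.ldap."
    "LDAPOperationManager.perf] (default task-2)\n"
    "LdapOperation: search\n"
    " baseDn: ou=users,dc=company,dc=okta,dc=com\n"
    " filter: (&(memberOf=cn=Keycloak,ou=groups,dc=company,dc=okta,dc=com)"
    "(uid={uid})(objectclass=inetOrgPerson))\n"
    " searchScope: 1\n"
    " resultSize: 1\n"
    "took: {ms} ms\n"
)
SAMPLE_LOG = "".join(ENTRY.format(uid=u, ms=m)
                     for u, m in [("alice", 280), ("bob", 310), ("carol", 295)])

FIELD = re.compile(r"^\s*(baseDn|filter|took):\s*(.*?)\s*$", re.M)

def parse_searches(log):
    """Yield (base_dn, ldap_filter, took_ms) for each 'LdapOperation: search'."""
    for chunk in log.split("LdapOperation:")[1:]:
        if not chunk.lstrip().startswith("search"):
            continue  # other operation types are ignored
        fields = dict(FIELD.findall(chunk))
        if "filter" in fields and "took" in fields:
            yield (fields.get("baseDn", ""), fields["filter"],
                   int(fields["took"].split()[0]))

def shape(ldap_filter, key_attr="uid"):
    """Mask the value of key_attr so per-user lookups collapse to one shape."""
    pattern = r"\(%s=[^()]*\)" % re.escape(key_attr)
    return re.sub(pattern, "(%s=?)" % key_attr, ldap_filter, flags=re.I)

def summarize(log, key_attr="uid"):
    """Return {filter_shape: (searches, distinct_key_values, total_ms)}."""
    value_re = re.compile(r"\(%s=([^()]*)\)" % re.escape(key_attr), re.I)
    groups = defaultdict(lambda: [0, set(), 0])
    for _, ldap_filter, took_ms in parse_searches(log):
        group = groups[shape(ldap_filter, key_attr)]
        group[0] += 1
        group[1].update(value_re.findall(ldap_filter))
        group[2] += took_ms
    return {s: (n, len(vals), ms) for s, (n, vals, ms) in groups.items()}

if __name__ == "__main__":
    for flt, (n, users, ms) in summarize(SAMPLE_LOG).items():
        print(f"{n} searches, {users} distinct uid values, {ms} ms total: {flt}")
```

A shape whose search count tracks the number of distinct `uid` values indicates one LDAP round trip per listed user, so the total time grows linearly with the page size.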
