[keycloak-user] LDAP Role Mapper big groups issue (role-ldap-mapper)

Adam Lis adam.lis at gmail.com
Wed Sep 27 13:16:19 EDT 2017


Hi!

I have a role-ldap-mapper defined for my LDAP federation.

I can see that on user logon, Keycloak is issuing an LDAP search with a
filter built on the role-ldap-mapper conditions.

Keycloak is requesting the whole resource from LDAP - in my case the groups
are quite big.

If I understand correctly, only the 'dn' attribute could be requested, since
the query is being done anyway for each user on his logon.

In my case the current approach results in waiting for the LDAP response for
over 20 seconds. If only the "dn" attribute for the group is requested, the
LDAP response time is very short.

Is there a way to instruct role-ldap-mapper to retrieve only the 'dn'
attribute, and assign the requesting user all groups based only on the
retrieved 'dn' attributes?

AdamLis;
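
What the two kinds of request in the post differ in on the wire, as an added illustration (not part of the original message and not Keycloak code): in LDAP the DN is carried with every returned entry rather than as an attribute, and a search whose attribute list is only the OID "1.1" asks for entries with no attributes (RFC 4511). The sketch BER-encodes one SearchResultEntry for a constructed group both ways; the DNs, member counts and function names are assumptions made for the example.

```python
# Added illustration, not Keycloak code. DNs and member counts are constructed.

def ber(tag: int, payload: bytes) -> bytes:
    """One BER TLV with a definite length (short form < 128, else long form)."""
    n = len(payload)
    if n < 0x80:
        return bytes([tag, n]) + payload
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + payload

def octet_string(text: str) -> bytes:
    return ber(0x04, text.encode("utf-8"))

def search_result_entry(msg_id: int, dn: str, attrs: dict, requested) -> bytes:
    """LDAPMessage carrying one SearchResultEntry (RFC 4511, section 4.5.2).

    requested=None    -> empty selection list: all user attributes come back
    requested=["1.1"] -> "no attributes": only the entry's DN comes back
    """
    if requested is None:
        selected = attrs
    elif requested == ["1.1"]:
        selected = {}
    else:
        wanted = {name.lower() for name in requested}
        selected = {k: v for k, v in attrs.items() if k.lower() in wanted}
    partial_attrs = b"".join(
        ber(0x30, octet_string(name)                               # PartialAttribute
                  + ber(0x31, b"".join(map(octet_string, vals))))  # SET OF values
        for name, vals in selected.items())
    entry = ber(0x64, octet_string(dn) + ber(0x30, partial_attrs))  # [APPLICATION 4]
    return ber(0x30, ber(0x02, bytes([msg_id])) + entry)            # msg_id < 128

def constructed_group(members: int):
    """A made-up groupOfNames entry with `members` member values."""
    dn = "cn=big-role,ou=roles,dc=example,dc=org"
    attrs = {"objectClass": ["top", "groupOfNames"], "cn": ["big-role"],
             "member": [f"uid=user{i:06d},ou=people,dc=example,dc=org"
                        for i in range(members)]}
    return dn, attrs

def response_sizes(members: int):
    """(bytes with all attributes, bytes with the "1.1" selection) for one entry."""
    dn, attrs = constructed_group(members)
    return (len(search_result_entry(2, dn, attrs, None)),
            len(search_result_entry(2, dn, attrs, ["1.1"])))

if __name__ == "__main__":
    for count in (10, 1_000, 50_000):
        print(count, response_sizes(count))
```

The encoded size covers only the response message; time a directory server spends reading or assembling the entry is not modelled.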

