[keycloak-user] Federating LDAP server to Keycloak crashed with Out Of Memory error

[Chenyuan Zhang]

Hi there,

We were trying to add a LDAP user federation provider with around 5000 users. But the process crashed with out of memory error:

2018-06-02 06:54:35.900 UTC INFO Sync changed users finished: 393 imported users, 4532 updated users, 8 users failed sync! See server log for more details (Timer-2) [org.keycloak.storage.ldap.LDAPStorageProviderFactory] 
Exception: java.lang.OutOfMemoryError thrown from the UncaughtExceptionHandler in thread "Brute Force Protector" 

Exception: java.lang.OutOfMemoryError thrown from the UncaughtExceptionHandler in thread "Thread-74" 

Exception: java.lang.OutOfMemoryError thrown from the UncaughtExceptionHandler in thread "Thread-330" 

Exception: java.lang.OutOfMemoryError thrown from the UncaughtExceptionHandler in thread "Periodic Recovery" 

Exception: java.lang.OutOfMemoryError thrown from the UncaughtExceptionHandler in thread "Thread-332" 

Exception: java.lang.OutOfMemoryError thrown from the UncaughtExceptionHandler in thread "default task-324" 
2018-06-05 07:08:55.594 UTC ERROR java.lang.OutOfMemoryError: Java heap space (default task-333) [stderr] 

Here’re the options we used:

JAVA_OPTS: -server -Xms64m -Xmx512m -XX:MetaspaceSize=96M -XX:MaxMetaspaceSize=256m -Djava.net.preferIPv4Stack=true -Djboss.modules.system.pkgs=org.jboss.byteman -Djava.awt.headless=true -Duser.timezone=UTC

From what I read, it seems like Keycloak import users from LDAP to our production database through a periodic background task.

But I’m not sure what happened in the memory level that caused the OutOfMemory error. Does keycloak cache all data in memory during the sync process? Is there any configuration I can set to avoid this error? Is there a user number limit given our JAVA Options?

Any suggestion would be appreciated.

Thanks a lot,
Chenyuan