Re: [keycloak-user] Will Keycloak scale to handle hundreads of LDAP integrations?

Hi all, One more thing to keep in mind is that Keycloak only allows an email address to be used once in every realm. So if a user has the same email address across several ldap servers, it might cause you some problems if all users are in the same realm. I presume the same limitation goes for user names. Cheers /Daniel _______________________________________________________________________ Daniel Hammarberg Managing Delivery Architect | Application Services Capgemini Sweden | Göteborg www.capgemini.com _______________________________________________________________________ Connect with Capgemini: -----Original Message----- From: Stian Thorgersen <sthorger(a)redhat.com&gt; Sent: den 14 juni 2018 14:35 To: Filipe Abrahao Cc: keycloak-user Subject: Re: [keycloak-user] Will Keycloak scale to handle hundreads of LDAP integrations? Are you planning to have a single realm? The way users are retrieved when there is multiple LDAP servers is currently quite limited. It will simply search through them in order until the user is found. Once found a user with the link to the correct LDAP

be setup. With hundreds of LDAP connections this will most likely be

slow. It's also not a scenario we've tested so you would have to test and experiment with this yourself. On 14 June 2018 at 14:30, Filipe Abrahao <lfa(a)doodle.com&gt; wrote: > Hi everyone, > > I work at Doodle, an online platform to help people to schedule > meetings and social events, we have around 28m people that use our > product every month and we are in the process of splitting our monolith. > > We have been experimenting with Keycloak as our auth service, and so > far we are pretty happy with it, we just making sure it fulfils all > our requirements, but we have one that we are not sure if it would > work with > Keycloak: > > Some of our bigger users, like universities and big corporations > require to manage their users via LDAP. We know that Keycloak can integrate with LDAP. > But my question is if creating one LDAP configuration for each client > is the right way to do it. > > If we have to configure one LDAP integration for each client that > requires it, we potentially will end-up with hundreds (perhaps thousands) of them. > Will it scale? Will Keycloak be able to handle that? > > many thanks, > Filipe A > _______________________________________________ > keycloak-user mailing list > keycloak-user(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-user > ________________________________ Capgemini is a trading name used by the Capgemini Group of companies which includes Capgemini Sverige AB, a company registered in Sweden (number 556092-3053) whose registered office is at Gustavslundsvägen 131 Box 825 – S-161 24 Bromma. This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user