4:15 a.m.
We are using keycloak 3.4.3-final with an ldap user federation. Users
and groups are created in keycloak, and from there automatically written
to an openldap servers, since some application can only access them over
ldap. So the "edit mode" is writable and "sync registrations" is
activated..
The group-mapper is configured as ldap_only.
Creating a new user is lightning fast. But if I add the user to a group,
where already around 1000 users are members of, it takes around 60
seconds to add it or also to remove it.it was faster when the group had
less member, but we can watch how the time grows the more members that
groups has. But it was already slow when there were only around 100
users, then it took around 10 seconds to add the user to the group.
When we add the users to th e groups directly in ldap it works in
miliseconds. So the problem seems to be a keycloak one.
In total there are maybe 2000 users and 15 different groups.
Keycloak is running in a docker container.
Anybody experiences similar problems? Or has any ideas what we could change?
We already tried to change the "User Groups Retrieve Strategy", disabled
the ldap cache. disable connection pooling and pagination. But nothing
seems to work.
thanks in advance
michael
2:23 a.m.
Feel free to create JIRA for this and use component "federation-ldap". I
think we already have JIRA for this, but can't recall 100%.
Marek
On 13/05/18 11:15, Michael Meier wrote:
We are using keycloak 3.4.3-final with an ldap user federation.
Users
and groups are created in keycloak, and from there automatically written
to an openldap servers, since some application can only access them over
ldap. So the "edit mode" is writable and "sync registrations" is
activated..
The group-mapper is configured as ldap_only.
Creating a new user is lightning fast. But if I add the user to a group,
where already around 1000 users are members of, it takes around 60
seconds to add it or also to remove it.it was faster when the group had
less member, but we can watch how the time grows the more members that
groups has. But it was already slow when there were only around 100
users, then it took around 10 seconds to add the user to the group.
When we add the users to th e groups directly in ldap it works in
miliseconds. So the problem seems to be a keycloak one.
In total there are maybe 2000 users and 15 different groups.
Keycloak is running in a docker container.
Anybody experiences similar problems? Or has any ideas what we could change?
We already tried to change the "User Groups Retrieve Strategy", disabled
the ldap cache. disable connection pooling and pagination. But nothing
seems to work.
thanks in advance
michael
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
2878
days inactive
2887
days old
1 comments
2 participants
participants (2)
-
Marek Posolda -
Michael Meier