[keycloak-user] ldap group-ldap-mapper needs up to 60 seconds to add a user to a group
Michael Meier
saeich at rmm.li
Sun May 13 05:15:32 EDT 2018
We are using keycloak 3.4.3-final with an ldap user federation. Users
and groups are created in keycloak, and from there automatically written
to an openldap server, since some applications can only access them over
ldap. So the "edit mode" is writable and "sync registrations" is activated.
The group-mapper is configured as ldap_only.
Creating a new user is lightning fast. But if I add the user to a group
where around 1000 users are already members, it takes around 60
seconds to add it or also to remove it. It was faster when the group had
fewer members, but we can watch how the time grows the more members that
group has. But it was already slow when there were only around 100
users, then it took around 10 seconds to add the user to the group.
When we add the users to the groups directly in ldap it works in
milliseconds. So the problem seems to be a keycloak one.
In total there are maybe 2000 users and 15 different groups.
Keycloak is running in a docker container.
Does anybody experience similar problems? Or has any ideas what we could change?
We already tried to change the "User Groups Retrieve Strategy", disabled
the ldap cache, disabled connection pooling and pagination. But nothing
seems to work.
thanks in advance
michael