[keycloak-user] ldap group-ldap-mapper needs up to 60 seconds to add a user to a group

Marek Posolda mposolda at redhat.com
Tue May 22 03:23:27 EDT 2018


Feel free to create JIRA for this and use component "federation-ldap". I 
think we already have JIRA for this, but can't recall 100%.

Marek

On 13/05/18 11:15, Michael Meier wrote:
> We are using keycloak 3.4.3-final with an ldap user federation. Users
> and groups are created in keycloak, and from there automatically written
> to an openldap servers, since some application can only access them over
> ldap. So the "edit mode" is writable and "sync registrations" is activated..
> The group-mapper is configured as ldap_only.
> Creating a new user is lightning fast. But if I add the user to a group,
> where already around 1000 users are members of, it takes around 60
> seconds to add it or also to remove it.it was faster when the group had
> less member, but we can watch how the time grows the more members that
> groups has. But it was already slow when there were only around 100
> users, then it took around 10 seconds to add the user to the group.
> When we add the users to th e groups directly in ldap it works in
> miliseconds. So the problem seems to be a keycloak one.
> In total there are maybe 2000 users and 15 different groups.
> Keycloak is running in a docker container.
> 	
>
> Anybody experiences similar problems? Or has any ideas what we could change?
> We already tried to change the "User Groups Retrieve Strategy", disabled
> the ldap cache. disable connection pooling and pagination.  But nothing
> seems to work.
> thanks in advance
>
> michael
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user




More information about the keycloak-user mailing list