Common Ldap handler connection pooling
Currently LDAP API handler establishes new connection for identity data (user, group) lookup which becomes quite costly when TLS support is enabled. With TLS enabled, establishing new connection is quite expensive so idea is to re-use already established pool of connections.
So locally we tried to optimize ldap lookup by using connection pooling (https:/
By default, connection pooling is going to be disabled. Configuration parameters are going to be added for enabling, pool size, number of re-try attempts, delay in retries. These configuration is going to be added in existing config section, ldap
Adding text from initial bug opened related to this.
Bug# https:/
In performance testing with 100 concurrent users, with OpenLdap as ldap server, we observed that ldap identity backend takes around 9-15 times more time (around 7-10 seconds) with respect to mysql identity backend. And 77% of time is spent in ldap data retrieval for authentication request.
This request is to make similar enhancement in LDAP handler code to use connection pooling.
Blueprint information
- Status:
- Complete
- Approver:
- None
- Priority:
- Undefined
- Drafter:
- Arun Kant
- Direction:
- Needs approval
- Assignee:
- Arun Kant
- Definition:
- New
- Series goal:
- None
- Implementation:
- Implemented
- Milestone target:
- None
- Started by
- Morgan Fainberg
- Completed by
- Morgan Fainberg
Related branches
Sprints
Whiteboard
Gerrit topic: https:/
Addressed by: https:/
Adding support for ldap connection pooling.