  1. Red Hat build of Keycloak
  2. RHBK-1664

[GHI#30677] LDAP connection pool params (maxsize, initsize, prefsize) are picked up from the backend ComponentModel and are not visible in the Keycloak admin console


      Before reporting an issue

      [X] I have read and understood the above terms for submitting issues, and I understand that my issue may be closed without action if I do not follow them.

      Area

      ldap

      Describe the bug

      Setting JVM arguments to configure com.sun.jndi.ldap.connect.pool.maxsize, com.sun.jndi.ldap.connect.pool.initsize, com.sun.jndi.ldap.connect.pool.prefsize is not taking effect.

      It seems that if parameters like connectionPoolingMaxSize are set in the Keycloak realm (by importing a realm export from a previous version, or migrating from a previous version to the current version), then the system property does not take effect.

      Now that the connectionPooling parameters for maxsize, initsize, prefsize are removed from the Keycloak admin console, there should be an option to configure these parameters or to allow the system property configurations to take effect.

      Version

      25.0.1

      Regression

      [ ] The issue is a regression

      Expected behavior

      Setting JVM arguments to configure the following LDAP connection pool parameters - com.sun.jndi.ldap.connect.pool.maxsize, com.sun.jndi.ldap.connect.pool.initsize, com.sun.jndi.ldap.connect.pool.prefsize - should take effect.

      Actual behavior

      Setting JVM arguments to configure the following LDAP connection pool parameters - com.sun.jndi.ldap.connect.pool.maxsize, com.sun.jndi.ldap.connect.pool.initsize, com.sun.jndi.ldap.connect.pool.prefsize - does not take effect.

      How to Reproduce?

      1. Start Keycloak server
      2. Create a new realm and add an LDAP user federation
      3. Create a realm export of this newly created realm
      4. Add connectionPoolingMaxSize in the realm export
      ~~~
      "org.keycloak.storage.UserStorageProvider": [
        {
          "id": "ec8ff950-0ffa-4fd2-83dc-69827015a0c6",
          "name": "ldap",
          "providerId": "ldap",
      ......
          "config": {
            "connectionPoolingMaxSize": [
              "50"
            ],
            "fullSyncPeriod": [
              "-1"
            ],
      ~~~

      5. Set JAVA_OPTS_APPEND="-Dcom.sun.jndi.ldap.connect.pool.debug=all -Dcom.sun.jndi.ldap.connect.pool.initsize=4 -Dcom.sun.jndi.ldap.connect.pool.maxsize=100 -Dcom.sun.jndi.ldap.connect.pool.prefsize=10"
      6. Restart the Keycloak server with the above JAVA_OPTS_APPEND set
      7. Try to execute an LDAP operation like Sync all users and check for the following section in the logs:
      ~~~
      start
      idle timeout: 300000
      maximum pool size: 50
      preferred pool size: 10
      initial pool size: 4
      protocol types: plain ssl
      authentication types: none simple
      ~~~
      8. The JVM argument -Dcom.sun.jndi.ldap.connect.pool.maxsize=100 was ineffective and max size was set to connectionPoolingMaxSize.

      Anything else?

      No response

            Unassigned Unassigned
            pvlha Pavel Vlha
            Keycloak Core IAM
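A pre-import check for the condition in the reproduction steps, as an added example that is not part of the original report or of Keycloak's code: it flags LDAP components in a realm export whose stored pool sizes differ from the JVM properties set in JAVA_OPTS_APPEND. The top-level `components` key and the `connectionPoolingInitSize` / `connectionPoolingPrefSize` key names are assumptions; the sample realm and options are constructed.

```python
import json
import re

# Realm-config key -> JNDI system property it shadows. connectionPoolingMaxSize is
# from the report; the InitSize/PrefSize key names are assumed by analogy.
SHADOWS = {
    "connectionPoolingMaxSize": "com.sun.jndi.ldap.connect.pool.maxsize",
    "connectionPoolingInitSize": "com.sun.jndi.ldap.connect.pool.initsize",
    "connectionPoolingPrefSize": "com.sun.jndi.ldap.connect.pool.prefsize",
}
PROVIDER_TYPE = "org.keycloak.storage.UserStorageProvider"


def jvm_props(java_opts):
    """Return {property: value} for every -Dname=value token in a JAVA_OPTS string."""
    return dict(re.findall(r"-D([\w.]+)=(\S+)", java_opts))


def shadowed_pool_settings(realm, java_opts):
    """List stored LDAP pool values that differ from the JVM property an admin set."""
    props = jvm_props(java_opts)
    findings = []
    # Assumption: the provider array sits under a top-level "components" object.
    for comp in realm.get("components", {}).get(PROVIDER_TYPE, []):
        if comp.get("providerId") != "ldap":
            continue
        for key, prop in SHADOWS.items():
            stored = (comp.get("config", {}).get(key) or [None])[0]
            if stored is not None and prop in props and stored != props[prop]:
                findings.append((comp.get("name"), key, stored, prop, props[prop]))
    return findings


# Constructed sample input mirroring the reproduction steps.
SAMPLE_REALM = json.loads("""
{"realm": "demo", "components": {"org.keycloak.storage.UserStorageProvider": [
  {"name": "ldap", "providerId": "ldap",
   "config": {"connectionPoolingMaxSize": ["50"], "fullSyncPeriod": ["-1"]}}]}}
""")
SAMPLE_OPTS = ("-Dcom.sun.jndi.ldap.connect.pool.debug=all "
               "-Dcom.sun.jndi.ldap.connect.pool.initsize=4 "
               "-Dcom.sun.jndi.ldap.connect.pool.maxsize=100 "
               "-Dcom.sun.jndi.ldap.connect.pool.prefsize=10")

if __name__ == "__main__":
    for name, key, stored, prop, wanted in shadowed_pool_settings(SAMPLE_REALM, SAMPLE_OPTS):
        print(f"{name}: {key}={stored} in the realm shadows -D{prop}={wanted}")
```

Only keys that are present in the component and disagree with the JVM value are reported, which matches the log in step 7: maxsize comes from the realm while initsize and prefsize come from the JVM arguments.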