Data Loss on MSSQL for LDAP Identity Provider


We’re using Keycloak 11.0.2 on a MSSQL Database and federate users via LDAP from an Active Directory. A recurring issue seems to be that at random time intervals, Keycloak deletes the LDAP Configuration from the database, taking down the entire cluster fairly quickly, without apparent cause.

Keycloak seems to be constantly recreating these records and, according to some SQL profiles, simply doesn’t perform the insert sometimes, leading to total data loss of the configuration of the LDAP provider. The executing node immediately picks up this change, the remaining nodes whenever their caches on the data expire. This has occurred over several Keycloak versions as well as several of the MSSQL JDBC Driver versions. Currently we have put the COMPONENT_CONFIG table as read-only in the server to prevent further incidents, but this only stops the cluster going down; the node that makes the mistake still becomes partially unavailable.

To clarify, the node does not actually become non-responsive; it can still service local user accounts, it’s just the LDAP-linked accounts that become unusable.

If anyone has any pointers on what the cause could be, how to fix it (in case it’s a misconfiguration) or where to escalate the issue to, I would be thankful.

T. Schuster
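A monitoring query for the symptom described in the post (LDAP provider rows vanishing from COMPONENT_CONFIG), added here as an example and not part of the original post. It assumes the standard Keycloak schema, where COMPONENT_CONFIG rows reference a parent row in COMPONENT via COMPONENT_ID and LDAP user-storage providers carry PROVIDER_ID 'ldap'; the required-key check below uses 'connectionUrl' as the assumed name of the LDAP connection setting.

```sql
-- Constructed detection query (not from the original post). Assumed schema:
--   COMPONENT        (ID, REALM_ID, NAME, PROVIDER_ID, PROVIDER_TYPE, ...)
--   COMPONENT_CONFIG (ID, COMPONENT_ID, NAME, VALUE)
-- For every LDAP user-storage component it reports how many config rows
-- remain and whether the assumed mandatory 'connectionUrl' key is present.
-- Run it on a schedule (or from a monitoring job) against the Keycloak DB;
-- any row with STATUS <> 'ok' is the data-loss condition the post describes,
-- caught before the other nodes' caches expire and pick the change up.
SELECT
    c.REALM_ID,
    c.ID                                         AS COMPONENT_ID,
    c.NAME                                       AS COMPONENT_NAME,
    COUNT(cc.ID)                                 AS CONFIG_ROWS,
    SUM(CASE WHEN cc.NAME = 'connectionUrl' THEN 1 ELSE 0 END)
                                                 AS HAS_CONNECTION_URL,
    CASE
        WHEN COUNT(cc.ID) = 0 THEN 'CONFIG MISSING'
        WHEN SUM(CASE WHEN cc.NAME = 'connectionUrl' THEN 1 ELSE 0 END) = 0
             THEN 'CONFIG INCOMPLETE'
        ELSE 'ok'
    END                                          AS STATUS
FROM COMPONENT c
LEFT JOIN COMPONENT_CONFIG cc
       ON cc.COMPONENT_ID = c.ID
WHERE c.PROVIDER_ID = 'ldap'
  AND c.PROVIDER_TYPE = 'org.keycloak.storage.UserStorageProvider'
GROUP BY c.REALM_ID, c.ID, c.NAME
ORDER BY c.REALM_ID, c.NAME;
```

Keeping a timestamped copy of the CONFIG_ROWS value per component lets you alert on any drop, not only on a full wipe.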