LDAP User Federation InterruptedNamingException

Hello

I am using Keycloak User Federation to synchronise users with LDAP (read and write).
On my LDAP server I have more than 10,000 users, distributed in a hierarchical structure. To achieve tenant isolation I adopted ACL rules with a regex on the organization.

dn: olcDatabase={2}mdb,cn=config
changetype: modify
add: olcAccess
olcAccess: to dn.regex="ou=People,o=([^,]+),dc=company,dc=com$"
   by dn.regex="^uid=ROUSER,ou=admin,o=$1,dc=company,dc=com$$" read
   by dn.regex="^uid=RWUSER,ou=admin,o=$1,dc=company,dc=com$$" write

I found that in this situation my ldapsearch sometimes takes more than 10 seconds,
and in the LDAP server log I see that a lot of ABANDON operations are performed.
In the Keycloak log I can see the following exceptions:

Caused by: javax.naming.InterruptedNamingException: Interrupted during LDAP operation; remaining name 'ou=People,o=department,dc=company,dc=com'
	at java.naming/com.sun.jndi.ldap.Connection.readReply(Connection.java:445)
	at java.naming/com.sun.jndi.ldap.LdapClient.getSearchReply(LdapClient.java:639)
	at java.naming/com.sun.jndi.ldap.LdapClient.search(LdapClient.java:562)
	at java.naming/com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:2014)
	at java.naming/com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1873)
	at java.naming/com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1798)
	at java.naming/com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:392)
	at java.naming/com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:358)
	at java.naming/javax.naming.directory.InitialDirContext.search(InitialDirContext.java:276)
	at org.keycloak.storage.ldap.idm.store.ldap.LDAPOperationManager$3.execute(LDAPOperationManager.java:256)
	at org.keycloak.storage.ldap.idm.store.ldap.LDAPOperationManager$3.execute(LDAPOperationManager.java:253)
	at org.keycloak.storage.ldap.idm.store.ldap.LDAPOperationManager.execute(LDAPOperationManager.java:731)
	at org.keycloak.storage.ldap.idm.store.ldap.LDAPOperationManager.execute(LDAPOperationManager.java:711)
	at org.keycloak.storage.ldap.idm.store.ldap.LDAPOperationManager.execute(LDAPOperationManager.java:706)
	at org.keycloak.storage.ldap.idm.store.ldap.LDAPOperationManager.search(LDAPOperationManager.java:253)
	at org.keycloak.storage.ldap.idm.store.ldap.LDAPIdentityStore.fetchQueryResults(LDAPIdentityStore.java:279)
	... 74 more

I also tried to set the Connection/Read timeout in the LDAP federation settings, as in the screenshot

[screenshot: LDAP federation connection/read timeout settings]

but it does not seem to affect the LDAP search timeout, since after a few seconds the search is ABANDONED anyway.

Is there any way to configure Keycloak to have a longer timeout for ldapsearch?
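Before tuning timeouts it is worth confirming that the ACL in the post really isolates tenants, i.e. that the admin account of one organization matches only its own `ou=People` subtree. The following added example (not from the post or from OpenLDAP) emulates the `dn.regex` evaluation with `$1` back-references and `$$` as a literal `$`, so the two `by` clauses can be checked offline against constructed DNs. It simplifies OpenLDAP's behaviour: DNs are compared as given (slapd matches against normalized DNs) and only `$1..$9` and `$$` substitutions are supported.

```python
import re

# The ACL from the post: the "to" regex captures the organization, and each
# "by dn.regex" clause refers back to it as $1 ("$$" is a literal "$").
TARGET_DN_REGEX = r"ou=People,o=([^,]+),dc=company,dc=com$"
BY_CLAUSES = [
    (r"^uid=ROUSER,ou=admin,o=$1,dc=company,dc=com$$", "read"),
    (r"^uid=RWUSER,ou=admin,o=$1,dc=company,dc=com$$", "write"),
]


def expand_by_regex(template, groups):
    """Emulate OpenLDAP's $n / $$ substitution in a "by dn.regex" clause.

    Assumption: only $1..$9 and $$ occur, as in the post's ACL. The captured
    text is regex-escaped so a captured value cannot alter the pattern itself.
    """
    out, i = [], 0
    while i < len(template):
        if template[i] == "$" and i + 1 < len(template):
            nxt = template[i + 1]
            if nxt == "$":
                out.append("$")
                i += 2
                continue
            if nxt.isdigit():
                out.append(re.escape(groups[int(nxt) - 1]))
                i += 2
                continue
        out.append(template[i])
        i += 1
    return "".join(out)


def access_level(target_dn, bind_dn):
    """Return "read", "write", "none", or None when the rule does not apply.

    Simplification: DNs are compared as given; slapd matches dn.regex against
    the normalized DN, so normalize both inputs the same way before calling.
    """
    m = re.search(TARGET_DN_REGEX, target_dn)
    if m is None:
        return None  # a later olcAccess rule (or the default) decides
    for template, level in BY_CLAUSES:
        if re.search(expand_by_regex(template, m.groups()), bind_dn):
            return level  # first matching "by" clause wins
    return "none"  # implicit trailing "by * none"


if __name__ == "__main__":
    # Constructed DNs: same-tenant admins get read/write, a foreign admin gets nothing.
    person = "uid=alice,ou=People,o=sales,dc=company,dc=com"
    for admin in ("uid=ROUSER,ou=admin,o=sales,dc=company,dc=com",
                  "uid=RWUSER,ou=admin,o=sales,dc=company,dc=com",
                  "uid=RWUSER,ou=admin,o=hr,dc=company,dc=com"):
        print(f"{admin} -> {access_level(person, admin)}")
```

The cross-tenant case (`o=hr` admin against an `o=sales` entry) must come back `none`; if a change to the regexes ever makes it return `read` or `write`, the isolation the ACL is meant to provide is gone, regardless of any timeout settings.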
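The ABANDON operations in the slapd log are the server-side view of the client giving up on a search; the Keycloak exception above is the client-side view of the same event. To measure how long searches actually run before the client abandons them (and so compare that with whatever read timeout is configured), the following added example, not from the post or from Keycloak, correlates `SRCH`, `SEARCH RESULT` and `ABANDON` lines per connection. The log lines are constructed in OpenLDAP `stats` loglevel style; the attribution heuristic (an ABANDON belongs to the oldest search on that connection without a SEARCH RESULT) is an assumption, chosen because the `msg=` value in an ABANDON line is the client message id, not the server `op=` number.

```python
import re
from datetime import datetime

# Constructed sample in OpenLDAP "stats" loglevel style; not taken from the post.
SAMPLE_LOG = """\
Mar 03 10:00:00 ldap1 slapd[812]: conn=1001 fd=20 ACCEPT from IP=10.0.0.5:51234 (IP=0.0.0.0:389)
Mar 03 10:00:00 ldap1 slapd[812]: conn=1001 op=0 BIND dn="uid=ROUSER,ou=admin,o=department,dc=company,dc=com" method=128
Mar 03 10:00:00 ldap1 slapd[812]: conn=1001 op=0 RESULT tag=97 err=0 text=
Mar 03 10:00:01 ldap1 slapd[812]: conn=1001 op=1 SRCH base="ou=People,o=department,dc=company,dc=com" scope=2 deref=3 filter="(objectClass=inetOrgPerson)"
Mar 03 10:00:11 ldap1 slapd[812]: conn=1001 op=2 ABANDON msg=2
Mar 03 10:00:12 ldap1 slapd[812]: conn=1001 op=3 SRCH base="ou=People,o=department,dc=company,dc=com" scope=2 deref=3 filter="(uid=alice)"
Mar 03 10:00:12 ldap1 slapd[812]: conn=1001 op=3 SEARCH RESULT tag=101 err=0 nentries=1 text=
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \d{2} \d{2}:\d{2}:\d{2}) \S+ slapd\[\d+\]: "
    r"conn=(?P<conn>\d+) op=(?P<op>\d+) (?P<rest>.*)$"
)
SRCH_RE = re.compile(r'^SRCH base="(?P<base>[^"]*)" .*filter="(?P<filter>[^"]*)"')


def parse_ts(text):
    # syslog timestamps carry no year; strptime defaults to 1900, which is fine
    # for differences inside one log (assumption: no year boundary in the sample)
    return datetime.strptime(text, "%b %d %H:%M:%S")


def find_abandoned_searches(log_text):
    """Return one record per SRCH that was abandoned before its SEARCH RESULT.

    Heuristic (assumption): an ABANDON on a connection belongs to the oldest
    search on that connection that has not yet logged a SEARCH RESULT.
    """
    pending = {}  # conn -> open searches, oldest first
    abandoned = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # ACCEPT / closed lines carry no op= and are skipped
        conn, op, rest = m["conn"], int(m["op"]), m["rest"]
        ts = parse_ts(m["ts"])
        s = SRCH_RE.match(rest)
        if s:
            pending.setdefault(conn, []).append(
                {"conn": conn, "op": op, "started": ts,
                 "base": s["base"], "filter": s["filter"]})
        elif rest.startswith("SEARCH RESULT"):
            pending[conn] = [p for p in pending.get(conn, []) if p["op"] != op]
        elif rest.startswith("ABANDON") and pending.get(conn):
            p = pending[conn].pop(0)
            p["abandoned_after_s"] = (ts - p["started"]).total_seconds()
            abandoned.append(p)
    return abandoned


def slower_than(records, seconds):
    """Abandoned searches the client waited at least `seconds` for before giving up."""
    return [r for r in records if r["abandoned_after_s"] >= seconds]


if __name__ == "__main__":
    for r in find_abandoned_searches(SAMPLE_LOG):
        print(f'conn={r["conn"]} op={r["op"]} abandoned after '
              f'{r["abandoned_after_s"]:.0f}s base={r["base"]} filter={r["filter"]}')
```

Run it against a real slapd log (feed the file contents in place of `SAMPLE_LOG`) and look at the `abandoned_after_s` values: if they cluster at one number, that number is the effective client-side timeout in play, and it can be compared with the value set in the federation settings. Searches with a wide subtree base and a broad filter, like the first one in the sample, are the ones worth indexing or narrowing on the server side.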

Hi - I am having the same issue. Did you resolve it? Thanks