Token endpoint slow with LDAP federation configured


We have an issue where generating a token through the token endpoint is extremely slow - the first time it takes up to a minute!
I know there have been some posts already regarding this topic, but I did not find any concrete advice on what might be causing this or what to look out for, so hoping to get more specific advice on this. We have LDAP user federation configured and are using pretty much all the default settings, only one mapper is added for AD Groups.

Any help would be much appreciated.

You can debug Keycloak somehow and check whether it is slow in Keycloak token creation or in the LDAP password check… It may have something to do with the LDAP connection?

How can I debug Keycloak?
Based only on my observations, it is slow only for accounts from LDAP; login for accounts created manually in Keycloak takes significantly less time (a couple of seconds as opposed to nearly a minute).

You can get it up and running locally, connect to the same LDAP, and then debug. But if login is slow because of a bad connection or, idk, it is not on the Keycloak side… Idk if there is a way to test LDAP connection speed without Keycloak, or even to try with some other provider locally just to compare, for example Okta or so…
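
Added example, not part of the thread and not Keycloak code: a Python script for the check suggested in the last reply, timing the DNS lookup, the TCP connect and an anonymous LDAP bind separately, with no Keycloak in the path. The host name `ldap.example.internal`, port 389 and plain (non-TLS) LDAP are assumptions; a directory that refuses anonymous binds still answers with a result code, so the round-trip time is measured either way.

```python
import socket
import time

# Anonymous LDAPv3 simple bind (RFC 4511): messageID 1, version 3, empty DN, empty password.
ANON_BIND = bytes.fromhex("300c020101600702010304008000")


def _tlv(buf, i):
    """Read one BER tag/length header at offset i; return (tag, length, value_offset)."""
    tag, length = buf[i], buf[i + 1]
    i += 2
    if length & 0x80:  # long-form length, as Active Directory emits
        n = length & 0x7F
        length = int.from_bytes(buf[i:i + n], "big")
        i += n
    return tag, length, i


def bind_result_code(resp):
    """Return resultCode from a BindResponse (0 = success, 49 = invalidCredentials)."""
    if not resp:
        raise ConnectionError("server closed the connection without answering")
    _, _, i = _tlv(resp, 0)             # LDAPMessage SEQUENCE
    _, length, i = _tlv(resp, i)        # messageID INTEGER
    tag, _, i = _tlv(resp, i + length)  # [APPLICATION 1] BindResponse
    if tag != 0x61:
        raise ValueError("not a BindResponse")
    _, _, i = _tlv(resp, i)             # resultCode ENUMERATED
    return resp[i]


def time_ldap_phases(host, port=389, timeout=10.0):
    """Time name resolution, TCP connect and bind round trip, each in seconds."""
    t0 = time.perf_counter()
    family, kind, proto, _, addr = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)[0]
    t1 = time.perf_counter()
    with socket.socket(family, kind, proto) as s:
        s.settimeout(timeout)
        s.connect(addr)
        t2 = time.perf_counter()
        s.sendall(ANON_BIND)
        resp = s.recv(4096)  # a BindResponse is small enough to arrive in one read
        t3 = time.perf_counter()
    return {"dns_s": t1 - t0, "connect_s": t2 - t1, "bind_s": t3 - t2,
            "result_code": bind_result_code(resp)}


if __name__ == "__main__":
    print(time_ldap_phases("ldap.example.internal"))  # placeholder host name
```

Run it from the machine that hosts Keycloak so the numbers reflect the same network path and resolver.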