IPD causing unusually high number of LDAP search requests hitting Active Directory servers as part of health checks , causing load in the LDAP

XMLWordPrintable

    • Type: Bug
    • Resolution: Unresolved
    • Priority: Low
    • None
    • Affects Version/s: 9.2.5
    • Component/s: Other
    • None
    • 1
    • Severity 3 - Minor

      Issue Summary

      ExtUserDirectoryConnectionStateIpdJob (running on the ipd-worker thread) performs a broad LDAP search rather than a simple connection "ping" or bind. 

      Steps to Reproduce

      1. Install Confluence version 9.2.5
      2. Setup and LDAP connection
      3. Ensure IPD is enabled
      4. Now enable DEBUG logging for below class to see the IPD logs in the atlassian-confluence-security.log file
      com.atlassian.crowd.directory.ldap.monitoring

      Expected Results

      • The health check triggers should not run searches and it can only be a test connection

      Actual Results

      • We can see seraching being executed in LDAP from the IPD threads for all users 
        2026-04-17 14:19:15,083 DEBUG [ipd-worker:thread-1] [directory.ldap.monitoring.TimedSupplier] get Execute operation search using searchexecutor baseDN: o=company, filter: (objectclass=inetorgperson)
2026-04-17 14:19:15,087 TRACE [ipd-worker:thread-1] [directory.ldap.monitoring.ExecutionInfoNameClassPairCallbackHandler] handleNameClassPair Search result cn=pojala,ou=users, with attributes {entryuuid=entryUUID: fadae2e0-3453-4509-a681-875f430bbc65, mail=mail: Pertti.Ojala@kpmg.fi, displayname=displayName: Ojala, Pertti, sn=sn: Ojala, cn=cn: pojala}
2026-04-17 14:19:15,088 DEBUG [ipd-worker:thread-1] [directory.ldap.monitoring.ExecutionInfoNameClassPairCallbackHandler] logResultCount The operation returned 1 results
2026-04-17 14:19:15,088 DEBUG [ipd-worker:thread-1] [directory.ldap.monitoring.TimedSupplier] get Timed call for search using searchexecutor baseDN: o=company, filter: (objectclass=inetorgperson) took 4ms
2026-04-17 14:20:15,155 DEBUG [ipd-worker:thread-1] [directory.ldap.monitoring.TimedSupplier] get Execute operation search using searchexecutor baseDN: o=company, filter: (objectclass=inetorgperson)
2026-04-17 14:20:15,160 TRACE [ipd-worker:thread-1] [directory.ldap.monitoring.ExecutionInfoNameClassPairCallbackHandler] handleNameClassPair Search result cn=pojala,ou=users, with attributes {entryuuid=entryUUID: fadae2e0-3453-4509-a681-875f430bbc65, mail=mail: Pertti.Ojala@kpmg.fi, displayname=displayName: Ojala, Pertti, sn=sn: Ojala, cn=cn: pojala}

      Workaround

      Disable IPD

              Assignee:
              Unassigned
              Reporter:
              Shivangi Nayak
              Votes:
              1 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated: