Connection Test from Embedded Crowd applications to Crowd causes Crowd Performance Issue

Finding

During the Connection Test, Crowd will actually search for users in the directory that is located in the first priority in the Application's directories mapping. The search has maxResults set to 1 (so that it returns only 1 user to verify the connection test's success).

If the directory's cache is enabled, Crowd will perform the search in the user cache, which is not too bad. But when the cache is disabled, Crowd will then perform a search through the LDAP repository. Wireshark sniffs confirm that LDAP will then return a full list of users to Crowd (during the Connection Test). For a large directory with more than 10000 users, this will be a major performance hit, and might fail the connection test from Confluence and JIRA with this error:

Connection test failed. Response from the server:
org.apache.commons.httpclient.ConnectTimeoutException: The host did not accept the connection within timeout of 5000 ms

Workaround

1. Remove all directories, leaving only a Crowd Internal Directory (with very few users inside) in the application's directory mapping (Crowd >> Applications >> (your application) >> Directories) in Crowd
2. Click on Test Connection in Confluence/JIRA (which should now be successful)
3. Save the Crowd Directory configuration in Confluence/JIRA.
4. Add the directories back into the application's directory mapping (Crowd >> Applications >> (your application) >> Directories) in Crowd
5. Sync the Crowd Directory in JIRA/Confluence