Original description from JRA-41025

Expected Behavior

Pool LDAP connections over SSL (LDAPS) as performed when connecting over plain LDAP.

Actual Behavior

LDAPS connections are not pooled, requiring JIRA to renegotiate the connection every time. This leads to poor performance and could cause synchronization failures, as described on this KB article.

Steps to Reproduce

1. Setup any directory server with a considerable amount of users and groups (no limit pattern has been detected up until now);
2. Enable SSL for the connection;
3. Synchronize;

Workaround for pooling connections over SSL

Add the below argument to JIRA's startup options.

-Dcom.sun.jndi.ldap.connect.pool.protocol='plain ssl'

Workaround for improving synchronization time (when using Microsoft Active Directory Server)

Albeit this won't resolve the pooling connections problem, it can significantly improve the synchronization time:

1. Edit the LDAP directory:
2. On Use the User Membership Attribute, under Membership Schema Settings:
   1. Uncheck "When finding the members of a group";
   2. Check "When finding the user’s group membership";
3. Save the configuration and synchronize the directory;