Increased DB activity due to changes in LDAPStorageManager.searchForUserByUserAttributeStream #32870

Closed
@sguilhen

Before reporting an issue

  • I have read and understood the above terms for submitting issues, and I understand that my issue may be closed without action if I do not follow them.

Area

ldap

Describe the bug

After changes introduced by f78c54f, the searchForUserByUserAttributeStream implementation in LDAPStorageProvider is no longer checking if the local user exists before importing the user from LDAP. This causes the users to be re-imported every time this method is called, and this triggers the execution of all LDAP attribute mappers, which in turn leads to an increase in the number of DELETE and INSERT statements performed to update user attributes.

This search method is also called when authenticating using X509 client certificates.

Version

22.0.12 and main

Regression

  • The issue is a regression

Expected behavior

The method should still be checking whether the user exists before importing, just like all other user search methods in the provider.

Actual behavior

Method doesn't check if the local user exists, and re-imports the users every time it is called.

How to Reproduce?

One way to reproduce it is to authenticate using X509 client certs, and enable logging for hibernate (INFO,org.hibernate.SQL:debug,org.keycloak:debug). Then check the logs - they will have several logs for importing the users, along with many SQL statements to update the attributes.

Anything else?

No response
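
A log triage for the reproduction step above, added here as an example and not taken from the issue author or the Keycloak code base: it counts, per user, LDAP import messages and the attribute DELETE/INSERT statements that follow them on the same thread. The sample log is constructed; the import message text, the `USER_ATTRIBUTE` table name and the one-line log layout are assumptions to adjust to what your build actually logs.

```python
import re
from collections import defaultdict

# Constructed sample: message text, table name and one-line layout are assumptions.
SAMPLE_LOG = """\
10:00:01 DEBUG [org.keycloak.storage.ldap.LDAPStorageProvider] (executor-thread-1) Imported new user from LDAP to Keycloak DB. Username: [alice]
10:00:01 DEBUG [org.hibernate.SQL] (executor-thread-1) delete from USER_ATTRIBUTE where ID=?
10:00:01 DEBUG [org.hibernate.SQL] (executor-thread-1) insert into USER_ATTRIBUTE (NAME,USER_ID,VALUE,ID) values (?,?,?,?)
10:00:02 DEBUG [org.keycloak.storage.ldap.LDAPStorageProvider] (executor-thread-2) Imported new user from LDAP to Keycloak DB. Username: [bob]
10:00:02 DEBUG [org.hibernate.SQL] (executor-thread-2) insert into USER_ATTRIBUTE (NAME,USER_ID,VALUE,ID) values (?,?,?,?)
10:00:03 DEBUG [org.hibernate.SQL] (executor-thread-1) select u.ID from USER_ENTITY u where u.ID=?
10:05:10 DEBUG [org.keycloak.storage.ldap.LDAPStorageProvider] (executor-thread-1) Imported new user from LDAP to Keycloak DB. Username: [alice]
10:05:10 DEBUG [org.hibernate.SQL] (executor-thread-1) delete from USER_ATTRIBUTE where ID=?
10:05:10 DEBUG [org.hibernate.SQL] (executor-thread-1) insert into USER_ATTRIBUTE (NAME,USER_ID,VALUE,ID) values (?,?,?,?)
10:09:42 DEBUG [org.keycloak.storage.ldap.LDAPStorageProvider] (executor-thread-2) Imported new user from LDAP to Keycloak DB. Username: [alice]
10:09:42 DEBUG [org.hibernate.SQL] (executor-thread-2) delete from USER_ATTRIBUTE where ID=?
10:09:42 DEBUG [org.hibernate.SQL] (executor-thread-2) insert into USER_ATTRIBUTE (NAME,USER_ID,VALUE,ID) values (?,?,?,?)
"""

LINE = re.compile(r"\[(?P<logger>[\w.]+)\]\s+\((?P<thread>[^)]+)\)\s+(?P<msg>.*)")
IMPORT = re.compile(r"Imported new user from LDAP.*?Username: \[(?P<user>[^\]]+)\]")
ATTR_WRITE = re.compile(r"^(?P<op>delete from|insert into)\s+USER_ATTRIBUTE\b", re.I)

def summarize(log_text):
    """Per user: number of LDAP imports and attribute writes that followed them."""
    stats = defaultdict(lambda: {"imports": 0, "delete": 0, "insert": 0})
    current = {}  # thread name -> user most recently imported on that thread
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        thread, msg = m["thread"], m["msg"].strip()
        imp = IMPORT.search(msg)
        if imp:
            current[thread] = imp["user"]
            stats[imp["user"]]["imports"] += 1
            continue
        write = ATTR_WRITE.match(msg)
        if write and m["logger"] == "org.hibernate.SQL" and thread in current:
            stats[current[thread]][write["op"].split()[0].lower()] += 1
    return dict(stats)

def reimported(stats):
    # One import is an expected first-time import; repeats match the reported behavior.
    return sorted(user for user, s in stats.items() if s["imports"] > 1)
```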
