LDAP: searching users with import disabled is slower since fix for 34050 #34412

@sguilhen

Before reporting an issue

  • I have read and understood the above terms for submitting issues, and I understand that my issue may be closed without action if I do not follow them.

Area

ldap

Describe the bug

With the fix for #34050 the search for LDAP users with import disabled became much slower.

When import is disabled, the in-memory user proxy is created and cached in the transaction, and subsequent validations didn't have to search LDAP for the user because the corresponding LDAPObject is already cached.

With the changes to fix the slowness with import enabled, the loadAndValidateUser method is now calling LDAP again for each user, ignoring that the LDAPObject is already available via the cached proxied user.

Version

main

Regression

  • The issue is a regression

Expected behavior

Search for the LDAP users with import disabled should be very fast (< 500ms).

Actual behavior

Search for LDAP users is now taking around the same time for both imported and not imported scenarios, as now every user is searched in LDAP again in both cases.

How to Reproduce?

Start Keycloak main with an LDAP provider containing around 2k LDAP users, import enabled = false. Go to the Users page and check the time it takes to load the first 10 users (around 5.5s).

Anything else?

No response
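
A simplified model of the behaviour reported above, added here as an illustration and not taken from the Keycloak code base: every class and method name in it is hypothetical. It counts directory round trips for a first page of 10 users out of 2,000 constructed entries, once with validation that always queries the directory and once with validation that reuses the object already held by the transaction-cached proxy.

```java
import java.util.*;

// Simplified model, not Keycloak code: all class and method names are hypothetical.
public class LdapLookupModel {
    record LdapObject(String uuid, String username) {}

    // Stand-in for the directory; counts every round trip.
    static class Directory {
        final Map<String, LdapObject> entries = new LinkedHashMap<>();
        int searches = 0;
        LdapObject searchByUsername(String username) {
            searches++;
            return entries.get(username);
        }
        List<LdapObject> page(int max) {
            searches++;
            return entries.values().stream().limit(max).toList();
        }
    }

    // Transaction-scoped cache of proxied users (import disabled: nothing in local storage).
    static final Map<String, LdapObject> txCache = new HashMap<>();

    // Regressed shape: validation always goes back to the directory.
    static LdapObject validateAlwaysQuery(Directory dir, String username) {
        return dir.searchByUsername(username);
    }

    // Expected shape: reuse the LdapObject already attached to the cached proxy.
    static LdapObject validateReuseCached(Directory dir, String username) {
        LdapObject cached = txCache.get(username);
        return cached != null ? cached : dir.searchByUsername(username);
    }

    static int searchesForFirstPage(boolean reuseCached) {
        Directory dir = new Directory();
        for (int i = 0; i < 2000; i++) { // constructed sample data
            dir.entries.put("user" + i, new LdapObject("uuid-" + i, "user" + i));
        }
        txCache.clear();
        for (LdapObject o : dir.page(10)) {
            txCache.put(o.username(), o); // proxy created and cached in the transaction
            LdapObject v = reuseCached ? validateReuseCached(dir, o.username())
                                       : validateAlwaysQuery(dir, o.username());
            if (v == null) throw new IllegalStateException("user vanished: " + o.username());
        }
        return dir.searches;
    }

    public static void main(String[] args) {
        System.out.println("always query: " + searchesForFirstPage(false));
        System.out.println("reuse cached: " + searchesForFirstPage(true));
    }
}
```

A regression test built on the same idea would assert on the number of directory searches per page rather than on wall-clock time, which keeps it stable across environments.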
