Currently LDAP API handler establishes new connection for identity data (user, group) lookup which becomes quite costly when TLS support is enabled.
In performance testing with 100 concurrent users, with OpenLdap as ldap server, we observed that ldap identity backend takes around 9-15 times more time (around 7-10 seconds) with respect to mysql identity backend. And 77% of time is spent in ldap data retrieval for authentication request.
So locally we tried to optimize ldap lookup by using connection pooling (https://pypi.python.org/pypi/ldappool/1.0) and that has improved performance numbers by 30%.
This request is to make similar enhancement in LDAP handler code to use connection pooling.
Fix proposed to branch: master /review. openstack. org/95300
Review: https:/