Relationship between keystone performance backed by ldap and using ldappool is confusing

Bug #1842496 reported by Lance Bragstad
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Identity (keystone)
Triaged
Low
Vishakha Agarwal

Bug Description

Keystone provides multiple configuration options for operators to setup LDAP connection pooling [0]. Connection pooling has the ability to increase performance by keeping LDAP connection open and available for use across threads within a single keystone process. It's not clear that these connections are shared only between threads and not processes. In a deployment with multiple processes defined that are all using a single thread per process, it's confusing to query LDAP connections and see they're less than the configured values in keystone.conf.

We could either improve the documentation to explain this relationship more clearly, elude to this behavior in the configuration help text, or both.

[0] https://opendev.org/openstack/keystone/src/commit/fe39838f712880c336e18eadf320e7c9e2007448/keystone/conf/ldap.py#L392-L407

Changed in keystone:
importance: Undecided → Low
tags: added: docu ldap
tags: added: documentation low-hanging-fruit
removed: docu
description: updated
Colleen Murphy (krinkle)
Changed in keystone:
status: New → Triaged
Changed in keystone:
assignee: nobody → Vishakha Agarwal (vishakha.agarwal)
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.