Connecting to an LDAP server can provide a flexible and efficient solution for your user management. In order to achieve optimal performance, the background synchronization program will search and download data from LDAP to your local Confluence server database and update the data periodically to keep Confluence data consistent with LDAP data.
When synchronizing, copying, and caching users, the number of users, user groups, and user group members will determine the time required for system synchronization. We recommend the maximum number of users to use and the synchronization method described below:
Recommended LDAP directories that affect connections:
- Microsoft Active Directory
- All other LDAP directory servers
The following LDAP configuration has no effect on synchronization:
- Internal directory using LDAP authorization
- LDAP directory, but configured to use authorization only, and copy the user after the user logs in for the first time (Authentication Only, Copy User On First Login)
Based on the number of users, user groups, and user group members, choose the LDAP directory server configuration solution below.
| Up to 10,000 (ten thousand) users, 1000 (one thousand) user groups and 20 users in each user group | Select the ' LDAP ' or ' Microsoft Active Directory ' directory type. You can use the full sync option. Your Confluence application will fully replicate the data on the LDAP server to the local database. |
| more than the above configuration | Use LDAP filters to reduce the amount of data visible and downloaded when LDAP user and user group data is synchronized. |
Our test results
We tested synchronizing 10,000 users, 1000 user groups and 200,000 user group members from the AD server from our internal network.
We found that the initial sync would take about 5 minutes. Subsequent incremental synchronization means that it only takes a few seconds to complete the synchronization of the modified user information on the AD server.
Note that some of the factors that affect user synchronization efficiency and time are as follows:
- User size: Use LDAP filters to minimize your needs.
- LDAP server type: We support lookups modified in AD, so subsequent syncs with servers using AD will be significantly faster than servers using LDAP.
- Network technology: The better the network connection to your LDAP server, the higher your synchronization efficiency will be.
- Database performance: As we have described, synchronizing LDAP server user information is equivalent to caching LDAP user information in the local database, your database performance will affect the efficiency of the entire synchronization.
- JVM heap size: If your heap size is set too small, your Java virtual machine will perform a lot of garbage collection operations during LDAP synchronization, which will affect your synchronization performance.
https://www.cwiki.us/display/CONFLUENCEWIKI/User+Management+Limitations+and+Recommendations