Description
Before reporting an issue
- I have read and understood the above terms for submitting issues, and I understand that my issue may be closed without action if I do not follow them.
Area
ldap
Describe the bug
When periodic synchronization is configured for LDAP, it is expected that the whole deployment (whether single- or multi-node) should perform exactly 1 synchronization every T minutes. We have noticed that in the clustered environment, LDAP sync occurs way more often. This is the visualization of LDAP sync events with period = 5 min and 11 nodes:
We can see that whilst every single node does respect the 5 min period, there is no coordination between the nodes at all; in other words, the LDAP sync period is actually a node-level setting. This is counterintuitive because every other setting in the Admin UI applies to the cluster as a whole. In a highly dynamic environment, especially autoscaled, this means that the average sync period (T) is eventually reduced to T / N, where N is the number of nodes. Thus, the load on the LDAP server increases N-fold.
Version
26.2.5
Regression
- The issue is a regression
Expected behavior
LDAP sync period should be interpreted as a cluster-level setting. It should be guaranteed that the entire cluster performs exactly one sync, with the configured periodicity.
Actual behavior
Cluster nodes would perform LDAP sync independently, with no coordination between the nodes.
How to Reproduce?
Configure a (dynamic) cluster with LDAP sync and scale it up randomly. You should see the picture similar to the above.
Anything else?
No response