Poor performance due to LDAP cache with incorrect key

Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.

Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Summary

Problem

Performance is poor due to a large LDAP user base and a modified LDAP key name.

Diagnosis

In <confluence-home>/confluence/WEB-INF/classes/atlassian-user.xml, the LDAP key has been changed from ldapRepository. This is typical when configured for multiple LDAP repositories.

Prior to Confluence 3.0

The caches are configured in confluence-coherence-cache-config.xml (or confluence-coherence-cache-config-clustered.xml for clustered instance) which is stored in confluence/WEB-INF/classes/lib/confluence-x.x.x.jar (x.x.x is the Confluence version number). That file will contain an LDAP cache like this:

1 2 3 4 <cache-mapping> <cache-name>com.atlassian.user.impl.ldap.LDAPUserManagerReadOnly.ldapRepository.users</cache-name> <scheme-name>user</scheme-name> </cache-mapping>

Confluence 3.0 to 5.5

The caches are configured in ehcache.xml (for standard editions) or confluence-coherence-cache-config-clustered.xml (for clustered editions) which is stored in <confluence-home>/config/. The clustered cache will look like what's described in the section above. The section to be renamed in ehcache is here:

1 2 3 4 5 6 7 8 <!-- --><cache name="com.atlassian.user.impl.ldap.LDAPGroupManagerReadOnly.ldapRepository.groups" maxElementsInMemory="5000" eternal="false" timeToIdleSeconds="300" timeToLiveSeconds="0" overflowToDisk="false" /> <!-- --><cache name="com.atlassian.user.impl.ldap.LDAPGroupManagerReadOnly.ldapRepository.groups_getGroupsForUser" maxElementsInMemory="5000" eternal="false" timeToIdleSeconds="300" timeToLiveSeconds="0" overflowToDisk="false" /> <!-- --><cache name="com.atlassian.user.impl.ldap.LDAPGroupManagerReadOnly.ldapRepository.groups_hasMembership" maxElementsInMemory="5000" eternal="false" timeToIdleSeconds="300" timeToLiveSeconds="0" overflowToDisk="false" /> <!-- --><cache name="com.atlassian.user.impl.ldap.LDAPGroupManagerReadOnly.ldapRepository.repositories" maxElementsInMemory="5000" eternal="false" timeToIdleSeconds="300" timeToLiveSeconds="0" overflowToDisk="false" /> <!-- --><cache name="com.atlassian.user.impl.ldap.LDAPUserManagerReadOnly.ldapRepository.users" maxElementsInMemory="5000" eternal="false" timeToIdleSeconds="300" timeToLiveSeconds="0" overflowToDisk="false" /> <!-- --><cache name="com.atlassian.user.impl.ldap.LDAPUserManagerReadOnly.ldapRepository.groups_getGroupsForUser" maxElementsInMemory="5000" eternal="false" timeToIdleSeconds="300" timeToLiveSeconds="0" overflowToDisk="false" /> <!-- --><cache name="com.atlassian.user.impl.ldap.LDAPUserManagerReadOnly.ldapRepository.repository" maxElementsInMemory="5000" eternal="false" timeToIdleSeconds="300" timeToLiveSeconds="0" overflowToDisk="false" /> <!-- --><cache name="com.atlassian.user.impl.ldap.LDAPUserManagerReadOnly.ldapRepository.users_ro" maxElementsInMemory="5000" eternal="false" timeToIdleSeconds="300" timeToLiveSeconds="0" overflowToDisk="false" />

Confluence 5.6 and later

The caches are configured in <confluence-home>/shared-home/config/cache-settings-overrides.properties for Confluence Server (standard) or <confluence-shared-home>/config/cache-settings-overrides.properties for Confluence Data Center (clustered).

The section to be renamed in cache-settings-overrides.properties is the same as the ehcache example above.

Cause

The cache-name does not correspond to the LDAP key.

Solution

Resolution

Rename ldapRepository to your LDAP key name. If you are using a version prior to 3.0 Extracting and placing the XML file in /WEB-INF/classes/ will override the configuration file in the JAR file. For those using 3.0 and greater a direct edit of file in <confluence-home>/config/ will be sufficient. See Cache Performance Tuning for details on configuring this cache. Also review CONFSERVER-14864 - LDAP Key should map automatically to ldap cache name for a related suggestion.

Updated on April 8, 2025
Platform
Data Center only
Product
Confluence Data Center
On this pageSummaryDiagnosisCauseSolution

Still need help?

The Atlassian Community is here for you.
Ask the Community