I'm on Identity Application 4.8.7. Several of the REST calls are so resource intensive for the backend eDirectory server, that they time out if more than a handful of people are logging in. Even with only one person logging in, the calls take 30+ seconds to finish if they aren't cached by IA
When IA has cached them, they *only* take 2-3 seconds:
I know they are cached by IA at this point, because if I flush the "DirectoryService.MemberhipCacheHolder", the response time immediately jumps back to 30+ seconds.
While these calls are made, I see that the CPU-load on the eDirectory server jumps to 100% (4 cores, 16 GB RAM).
Tracing LDAP on the eDirectory server, I can see that most of the traffic is just asking for the attributes of an object (scope=object), so I don't think we're missing any indexes, but it has made me wonder why so many identitical queries are made. One in particular is for a couple of nrf*-attributes as well as mail, givenName, cn, sn, etc. of the user I'm logging in as, which is done app. 100 times in about 1 minute of logging.
Our production environment is still on Identity Application 4.8.4, and looking at it now, we can see that the signs are there as well, with some of the REST calls taking 10-15 seconds. It might very well be that something in the structure of our tree is causing this, but it's difficult to make large changes without actually knowing if they would solve the problem.
I've opened a ticket with OT support, but I was wondering if anybody in the community had any ideas.