Very slow SearchGuard

fbacchella · July 15, 2025, 6:22pm

Since an upgrade to ES 8.18.3 and SG 3.1.0, all my access are quite slow, going to Kibana or ES REST API.

But only access from users stored in LDAP are slow, users in the internal database are still fast. I have done a curl in a loop and indeed, access delay range from 1m to less than 1s for the same user within the loop. So I’m quite sure that it’s an LDAP cache problem. I wonder if there is a metric somewhere that will show cache hit and help me adapt the size of it. We have a huge number of AD groups, so the cache is very important.

fbacchella · July 15, 2025, 7:38pm

Another question, the documentation talks about ldap.group_search.cache.max_size says it hold 1000 entries. What is exactly an entry ? A group, a user ? Given the number of users and groups, is there a way to calculate the optimum size ?

Topic		Replies	Views
Kibana cookie max length Search Guard	9	769	July 13, 2020
searchguard.authentication.authentication_backend.cache.enable: true Search Guard	4	403	July 1, 2015
LDAP(AD) Authorization against groups not working Search Guard	2	539	December 19, 2017
Performance in Kibana with SearchGuard Search Guard	9	640	May 25, 2021
option to delete users cached credentials on logout? Search Guard	4	566	December 16, 2018

Very slow SearchGuard

Related topics