authorJames Elliott <james-d-elliott@users.noreply.github.com>2025-02-23 19:05:57 +1100
committerGitHub <noreply@github.com>2025-02-23 08:05:57 +0000
commit0af038e0ced689db90da480876a0bb26d78c6fb9 (patch)
tree5d97fe07636fcc5f7c6d87d6535bc5e1f0a9f2eb /internal/configuration/schema/authentication.go
parent197b45521f5e3799d0b9ef1ec0000d4f83abdee9 (diff)
feat(authentication): ldap connection pooling (#7217)
This implements optional LDAP connection pooling to optimize the speed of LDAP transactions. Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
Diffstat (limited to 'internal/configuration/schema/authentication.go')
-rw-r--r--internal/configuration/schema/authentication.go14
1 files changed, 14 insertions, 0 deletions
diff --git a/internal/configuration/schema/authentication.go b/internal/configuration/schema/authentication.go
index 4ebfb680f..010262abf 100644
--- a/internal/configuration/schema/authentication.go
+++ b/internal/configuration/schema/authentication.go
@@ -127,6 +127,8 @@ type AuthenticationBackendLDAP struct {
StartTLS bool `koanf:"start_tls" json:"start_tls" jsonschema:"default=false,title=StartTLS" jsonschema_description:"Enables the use of StartTLS."`
TLS *TLS `koanf:"tls" json:"tls" jsonschema:"title=TLS" jsonschema_description:"The LDAP directory server TLS connection properties."`
+ Pooling AuthenticationBackendLDAPPooling `koanf:"pooling" json:"pooling" jsonschema:"title=Pooling" jsonschema_description:"The LDAP Connection Pooling properties."`
+
BaseDN string `koanf:"base_dn" json:"base_dn" jsonschema:"title=Base DN" jsonschema_description:"The base for all directory server operations."`
AdditionalUsersDN string `koanf:"additional_users_dn" json:"additional_users_dn" jsonschema:"title=Additional User Base" jsonschema_description:"The base in addition to the Base DN for all directory server operations for users."`
@@ -146,6 +148,13 @@ type AuthenticationBackendLDAP struct {
Password string `koanf:"password" json:"password" jsonschema:"title=Password" jsonschema_description:"The password for LDAP authenticated binding."`
}
+type AuthenticationBackendLDAPPooling struct {
+ Enable bool `koanf:"enable" json:"enable" jsonschema:"title=Enable,default=false" jsonschema_description:"Enable LDAP connection pooling."`
+ Count int `koanf:"count" json:"count" jsonschema:"title=Count,default=5" jsonschema_description:"The number of connections to keep open for LDAP connection pooling."`
+ Retries int `koanf:"retries" json:"retries" jsonschema:"title=Retries,default=2" jsonschema_description:"The number of attempts to retrieve a connection from the pool during the timeout."`
+ Timeout time.Duration `koanf:"timeout" json:"timeout" jsonschema:"title=Timeout,default=10 seconds" jsonschema_description:"The duration of time to wait for a connection to become available in the connection pool."`
+}
+
// AuthenticationBackendLDAPAttributes represents the configuration related to LDAP server attributes.
type AuthenticationBackendLDAPAttributes struct {
DistinguishedName string `koanf:"distinguished_name" json:"distinguished_name" jsonschema:"title=Attribute: Distinguished Name" jsonschema_description:"The directory server attribute which contains the distinguished name for all objects."`
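Review bot: The new exported type `AuthenticationBackendLDAPPooling` has no doc comment, although the type right after it, `AuthenticationBackendLDAPAttributes`, has one; add `// AuthenticationBackendLDAPPooling represents the configuration related to LDAP connection pooling.` above it. The `jsonschema` tags for `count` and `retries` declare a default but no lower bound, so the generated schema accepts zero or negative values. Unless validation outside this hunk rejects them, consider adding `minimum=1` to `count` and `minimum=0` to `retries`. Pooled connections presumably stay open and bound as the configured LDAP user, so the `count` description could say that these are long-lived authenticated connections which count against the directory server's connection limits.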
@@ -243,6 +252,11 @@ var DefaultLDAPAuthenticationBackendConfigurationImplementationCustom = Authenti
GroupName: ldapAttrCommonName,
},
Timeout: time.Second * 5,
+ Pooling: AuthenticationBackendLDAPPooling{
+ Count: 5,
+ Retries: 2,
+ Timeout: time.Second * 10,
+ },
TLS: &TLS{
MinimumVersion: TLSVersion{tls.VersionTLS12},
},
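Review bot: Only `DefaultLDAPAuthenticationBackendConfigurationImplementationCustom` receives `Pooling` defaults in this file; the three hunks account for all 14 insertions in the diffstat. Any other implementation defaults defined here would therefore keep zero values for `Count`, `Retries` and `Timeout`. If the validator does not fall back to the Custom values for every implementation, enabling pooling there would start from a zero-sized pool with no wait time. Either confirm that fallback and record it next to the block, for example `// Pooling defaults are applied to every implementation by the validator.`, or set the same defaults on the other implementations. The struct literal begins before this hunk and continues after it.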