goauthentik / authentik

The authentication glue you need.
https://goauthentik.io

Filter user groups for LDAP provider #8389

Open boesr opened 9 months ago

boesr commented 9 months ago

Is your feature request related to a problem? Please describe.
We have an LDAP source connected with close to 100k users. Now some of these users get a certain group which allows them to log in at some servers. It would be nice to be able to add a filter to the LDAP provider only looking at users with that group. That would drastically improve the performance, I guess.

Right now our authentik-server takes all the cores that are available (for testing 32) to serve the LDAP provider's request. After some time the server gets very unresponsive.

Describe the solution you'd like
LDAP provider with to filter a group of users that are provided by the provider

Describe alternatives you've considered
/

Additional context
/

BeryJu commented 3 months ago

Is the LDAP provider configured with cached or direct searching? Additionally, with 2024.6+ the performance of the /core/users/ API endpoint has been much improved, so there should be less of a resource strain. We're not currently planning to add a feature like this.

boesr commented 3 months ago

I tried both, and although 2024.6 increased the performance a lot, it still is not sufficient. As a workaround I am syncing all authentik users to an OpenLDAP sync by accessing the database directly and comparing hashed entries. That's why I opened the pull request https://github.com/goauthentik/authentik/pull/10195, because I would like to configure the primarily used Django encryption.