Add filter options to LdapFindGroupMembership pipe to limit the amount of recursion

[Laurens-makel]

Related Problem or Business Case

The LdapFindGroupMembership uses recursion by default, whilst migrating the app from on-prem to a cloud environment we stumbled upon the fact that our directory service is now much further away and additional latency was introduced.

After some research, I've found out that the pipe iterates over each found group, till the end of the nested groups.

Describe the Feature

In order to reduce the amount of "useless" LDAP calls I've added two custom attributes:

• MaxRecursionLevel is used to limit the amount of recursion to a specific level, in our use-case 2 seems to do it. Tested with my own corporate account, this saved around 25 calls for me.
• RecursionFilter is used to set a regex which group names are tested against, if there is a match, do recursion, no match, skip it. Also tested with corporate account, with the filter set I was able to skip 30-40% of the groups returned on the first call. Not sure how many calls this saved actually, because the recursion applied to the found groups.

The results were great, where it took 10~ seconds before, it took 3.5~ seconds to find the desired result on the connection with the on-prem directory.

After we switched to a domain controller hosted on the cloud, without the filters applied it took 1300~ ms to get the desired result, with the filters applied it took 250~ ms, which is actually a little bit faster than the same pipe without the filters hosted on the on-prem hosting stack, which took around 400~ ms, ofcourse you can get even better results with the filters applied there, but thats the reason for this feature request :)

Collaboration with External Companies

No, community resolution only

Anything else?

No response