Description of problem:

If you're using page_size [0] and are integrating keystone with an LDAP server that supports paging (like Active Directory), it's possible to see keystone memory footprint slowly increase over time.

The problem isn't as noticable with large page sizes (e.g., page_size = 10000). But it's noticable when you use small page sizes (e.g., page_size = 5).

I hit this issue using Active Directory with 10,000 users. I set my page_size to 5 and listed users continuously for an hour. During that time I noticed keystone's total memory consumption on the host increase from 5% to 14%.

Additionally, the problem is exacerbated using page_size = 1.

I was unsuccessful in reproducing this issue with FreeIPA, which is another LDAP implementation, but it doesn't support paging. Keystone automatically disables paging if the LDAP server doesn't support it.

It seems there is a memory leak somewhere in keystone's LDAP paging implementation.

[0] https://docs.openstack.org/keystone/latest/configuration/config-options.html#ldap.page_size

Version-Release number of selected component (if applicable): 
OSP16.1


How reproducible:
100% If you're using page_size [0] and are integrating keystone with an LDAP server that supports paging (like Active Directory) but it doesn't affect OSP if you're using FreeIPA

Steps to Reproduce:
1. Configure Keystone with a LDAP backend (live Active Directory) with paging enabled.
2. Creates a good amout of users (10,000 users on this example)
3. Keystone memory consumption will start to increase when you perform actions like list users.

Actual results: Keystone's total memory consumption on the host increase from 5% to 14%.


Expected results: Keyston's total memore consumption should be similar without using paging for LDAP backend


Additional info: