My portal is able to successfully authenticate with LDAP server (Active Directory) but due to liferay scheduler importing users after some interval, my system performance is degrading. I can see high memory and CPU usage for JAVA and MySql process.

As Active directory is not configured properly, I can see many exceptions related to users not imported due to some issue in log files. As per log file I have added few filters in LDAP query to filter relevant entities (users).

I am using following filter in control panel for Import Search Filter:

(&(objectClass=user)(mail=*@myorg.com)(extensionAttribute1=*))

“extensionAttribute1” is used for employee ID. (Mail and employee id entry is used to filter required data.)

To organize data in active directory properly it will take some time but I want some immediate workaround for this issue, like import only on login attempt by user etc.

If you want to import user data only due to his login you have to disable "Ldap import enabled" leaving the LDAP enabled.

You can do this using control panel or by portal-ext.properties

And also to avoid low system performance you can setup a small import page size (default si 1000, you can set 20) and narrow import time interval.

see ldap.import.interval and ldap.page.size in portal.properties