active-directory, ldap, keycloak

Keycloak query users ignoring LDAP requests


I use the Keycloak API to get all users (in batches). Keycloak makes LDAP requests for each user while handling this request.
Is it possible to exclude the LDAP search while getting all Keycloak users?

It's not only slow, it overloads the LDAP provider and leads to DB connection timeouts on the Keycloak side (sounds strange, but this is how Keycloak works).
Disabling and enabling LDAP per query is not an option, since I do it programmatically and don't want to take care of it manually if the process fails to enable LDAP back.


Solution

  • No.
    Only if LDAP is disabled.
    Checked the source code of Keycloak: the org.keycloak.storage.ldap.LDAPStorageProvider class is used to query users, and it always performs queries via LDAP.