While lico uses a system account to bind to ldap it does not reuse the ldap connection, causing to frequent Bind requests to libregraph idm, which uses argon2 to hash passwords. This can lead to OOM situations when too many reuests have to be authenticated at the same time.

While libregraph/lico#77 is a little too eager, it shows that we can significantly reduce the number of bind requests. We should use channles as in https://github.com/cs3org/reva/blob/edge/pkg/utils/ldap/reconnect.go ... maybe move that into a separat lib that we can reuse?