So, we have an environment integrated with Websphere Application Server using groups to authorize users. Works fine, except for the high usage of CPU (8 cores 32GB). Websphere gets the user DN and queries all groups searching members. No biggie, since we have around 300 groups.
But for some groups we have 300k members. There you go, you can imagine the processing workload in expanding the members array for all groups and evaluating if each member matches the user DN - servers goes from 10% usage to 50%-60% only for that process.

Lets say for now that we cannot change in the client application the query syntax, the base DN or anything like that.
Yes, member attribute is indexed.

Any thoughts on how to improve this scenario?