On Fri, 2017-01-20 at 18:14 +0100, Harald Dunkel wrote:
> Hi folks,
> I see a pretty large number of ldap requests sent by our git
> server, asking for the same account info again and again.
> Sometimes it asks 20 times per second for the same user info,
> for example.
> Obviously caching doesn't work.
Is your server being used for authentication ?
SSSD, by default, always refreshes user credentials on authentication,
but you can use the cached_auth_timeout setting to relax this
requirement in SSSD, and reduce the roundtrips for auth attempts.
> I remember some note in the
> installation guide suggesting to turn of nscd and that sssd
> takes over this job, so I wonder wth? A recent EMail in this
> forum suggested to set selinux_provider = none, but this
> didn't help.
> Ipa server is Centos 7.3, client is on Jessie with sssd 1.13.4.
> sssd.conf is attached, of course. Every helpful comment is highly
> Manage your subscription for the Freeipa-users mailing list:
> Go to http://freeipa.org for more info on the project
Simo Sorce * Red Hat, Inc * New York
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project