On Fri, 2017-01-20 at 18:14 +0100, Harald Dunkel wrote: > Hi folks, > > I see a pretty large number of ldap requests sent by our git > server, asking for the same account info again and again. > Sometimes it asks 20 times per second for the same user info, > for example. > > Obviously caching doesn't work.
Is your server being used for authentication ? SSSD, by default, always refreshes user credentials on authentication, but you can use the cached_auth_timeout setting to relax this requirement in SSSD, and reduce the roundtrips for auth attempts. HTH, Simo. > I remember some note in the > installation guide suggesting to turn of nscd and that sssd > takes over this job, so I wonder wth? A recent EMail in this > forum suggested to set selinux_provider = none, but this > didn't help. > > Ipa server is Centos 7.3, client is on Jessie with sssd 1.13.4. > > > sssd.conf is attached, of course. Every helpful comment is highly > appreciated. > > Harri > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project -- Simo Sorce * Red Hat, Inc * New York -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project