On Wed, 2012-06-27 at 14:53 +0200, Jan Engelhardt wrote: > On Tuesday 2012-06-26 17:43, Stephen Gallagher wrote: > > > >Actually, it most certainly is cached locally. If it was going to LDAP > >50,000 times, it would take you MUCH longer than 8.5s to get results > >back. Naturally, looking up results in a local file is faster than > >getting it out of the SSSD's cache database. However, we have sped this > >up considerably in SSSD 1.9.0 (currently in beta). We now maintain a > >second, in-memory cache for requests that is much faster than > >communicating across the socket to the sssd_nss process and then reading > >from the database (and processing group nested members). > > > >So if you wanted to test our latest nightlies with this program, I think > >you'd find it responding much faster. > > Yes, I do. But for a different reason: 1.8.93 does not retrive > any groups whatsoever from LDAP anymore. What broke there? > (`getent groups someldapgroup` yields no output anymore.) > > I skimmed over the changelog earlier and noticed that there > was some change with respect to groups (ignored when no "name" > attribute, was it?) The LDAP entry for (an empty group) looks like > > # clients, groups, woven > dn: cn=clients,ou=groups,o=woven > objectClass: groupOfNames > objectClass: posixGroup > cn: clients > gidNumber: 100000 > member: cn=clients,ou=groups,o=woven > > and was previously properly returned in sssd-1.8.3.
Hmm, that's very concerning. Can you get debug logs of that? (Obviously, nightlies tend to be in flux, but I hadn't seen anything go this wrong lately...)
signature.asc
Description: This is a digitally signed message part
_______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/sssd-devel
