On Wed, May 22, 2013 at 08:26:25PM +0000, Joshua C. Endries wrote: > Hello, > > I'm trying to get sssd going here to hook up with AD/LDAP for user and group > lookup. I have it working, and it works great on RHEL5 (sssd v1.5.1). Running > 'id' on myself takes 3s when in foreground mode, and 0.014s in service mode > (service start...). Unfortunately, on RHEL6 (sssd v1.9.2), Running 'id' on > myself takes 3-4min in foreground and 1min in service mode. This is with the > same sssd.conf file. > > It looks like, when I look up my groups, it ends up looking up all the users > in those groups, which 1.5 doesn't seem to do. We have a huge directory and > caching all of this seems like a huge waste of resources... Is there a way to > turn this off or modify this behavior? I tried reducing > ldap_group_nesting_level but it didn't make a difference. Using ad instead of > rfc2307bis didn't either. I didn't see anything else that looked like it > would help... > > Thanks, > Josh
Hi Joshua, it seems you are running into https://fedorahosted.org/sssd/ticket/1823 Before we have a more systematic fix we'll be adding a new option to disable the range retrieval altogether when that option is set. That should bring the same performance as you had with 1.5 _______________________________________________ sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
