On Thu, May 23, 2013 at 10:36:21AM +0200, Jakub Hrozek wrote: > On Wed, May 22, 2013 at 08:26:25PM +0000, Joshua C. Endries wrote: > > Hello, > > > > I'm trying to get sssd going here to hook up with AD/LDAP for user and > > group lookup. I have it working, and it works great on RHEL5 (sssd v1.5.1). > > Running 'id' on myself takes 3s when in foreground mode, and 0.014s in > > service mode (service start...). Unfortunately, on RHEL6 (sssd v1.9.2), > > Running 'id' on myself takes 3-4min in foreground and 1min in service mode. > > This is with the same sssd.conf file. > > > > It looks like, when I look up my groups, it ends up looking up all the > > users in those groups, which 1.5 doesn't seem to do. We have a huge > > directory and caching all of this seems like a huge waste of resources... > > Is there a way to turn this off or modify this behavior? I tried reducing > > ldap_group_nesting_level but it didn't make a difference. Using ad instead > > of rfc2307bis didn't either. I didn't see anything else that looked like it > > would help... > > > > Thanks, > > Josh > > Hi Joshua, > > it seems you are running into https://fedorahosted.org/sssd/ticket/1823 > > Before we have a more systematic fix we'll be adding a new option to > disable the range retrieval altogether when that option is set. That > should bring the same performance as you had with 1.5
I forgot to add -- we already have a patch ready. Would you be interested in testing it out? _______________________________________________ sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users