On Mon, Dec 08, 2014 at 08:45:00PM +0000, PATRICK wrote:
> Sanitized sssd.conf; please note enumerate is set to false and all of the
> users' POSIX attributes are still getting pulled down.
> [domain/default] 
> debug_level = 5 
> enumerate = False 
> ldap_id_use_start_tls = True 
> ldap_schema = rfc2307bis 
> #ldap_search_base = dc=example,dc=com 
> ldap_search_base = dc=example,dc=com?sub?|(host=myhost.mygroup.example.com)(host=ALL)
> krb5_realm = EXAMPLE.COM 
> krb5_server = kerberos.example.com 
> id_provider = ldap 
> auth_provider = ldap 
> chpass_provider = ldap 
> ldap_uri = ldap://myldap.example.com:389 
> cache_credentials = True 
> ldap_tls_cacertdir = /etc/openldap/cacerts 
> ldap_default_bind_dn = cn=proxyuser,ou=AdminUsers,dc=example,dc=com 
> ldap_default_authtok_type = password 
> ldap_default_authtok = XXXXXXXXXXXX 
> access_provider=ldap 
> ldap_access_filter = (|(host=myhost.mygroup.example.com)(host=ALL)) 
> 
> [sssd] 
> services = nss, pam 
> config_file_version = 2 
> debug_level = 5 
> domains = default 
> [nss] 
> debug_level = 5 
> [pam] 
> debug_level = 5 

You can drop the service stanzas other than [nss] and [pam] since you
only use nss and pam in the services line. Otherwise, the config file
looks good to me.

Do you still see a high load on the servers? Can you check the server
logs about the queries?

Do you use nested groups? Perhaps the queries you see are some
application calling getgrnam/getgrgid on a large group and recursing?

> [sudo] 
> debug_level = 5 
> [autofs] 
> debug_level = 5 
> [ssh] 
> debug_level = 5 
> [pac] 
> debug_level = 5 
_______________________________________________
sssd-users mailing list
https://lists.fedorahosted.org/mailman/listinfo/sssd-users
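
Added example (not part of the original thread and not SSSD's own tooling): a small check for the cleanup suggested in the reply above, listing responder stanzas that are configured but absent from the `services` line, and any domain that has `enumerate` turned on. The function name `audit_sssd_conf` and the trimmed sample config are constructed for illustration; the check assumes responders are listed explicitly in `services`.

```python
import configparser

# Responder names sssd accepts in the [sssd] "services" option.
KNOWN_RESPONDERS = {"nss", "pam", "sudo", "autofs", "ssh", "pac", "ifp"}

# Constructed sample, trimmed from the sanitized config quoted in this thread.
SAMPLE_CONF = """\
[domain/default]
enumerate = False
id_provider = ldap
ldap_search_base = dc=example,dc=com?sub?|(host=myhost.mygroup.example.com)(host=ALL)

[sssd]
services = nss, pam
config_file_version = 2
domains = default
[nss]
debug_level = 5
[pam]
debug_level = 5
[sudo]
debug_level = 5
[autofs]
debug_level = 5
[ssh]
debug_level = 5
[pac]
debug_level = 5
"""

def _csv(value):
    """Split a comma-separated option value into trimmed, non-empty items."""
    return [item.strip() for item in value.split(",") if item.strip()]

def audit_sssd_conf(text):
    """Return (unused_stanzas, enumerating_domains) for an sssd.conf string."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    enabled = set(_csv(cp.get("sssd", "services", fallback="")))
    # Responder stanzas present in the file but not started by sssd.
    unused = [s for s in cp.sections() if s in KNOWN_RESPONDERS and s not in enabled]
    # Domains from the "domains" line whose enumerate option is true.
    enumerating = [d for d in _csv(cp.get("sssd", "domains", fallback=""))
                   if cp.has_section(f"domain/{d}")
                   and cp.getboolean(f"domain/{d}", "enumerate", fallback=False)]
    return unused, enumerating

if __name__ == "__main__":
    unused, enumerating = audit_sssd_conf(SAMPLE_CONF)
    print("stanzas not in services line:", unused)
    print("domains with enumerate on:", enumerating)
```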
