On (01/09/17 09:33), William Edsall wrote:
>Had a few communications with Michal but we're still stuck.
>
>One issue is that we have dozens of domain controllers globally. A standard
>DNS lookup could give me a domain controller overseas which will be slow,
>or maybe even a domain controller that isn't responding. As such, I have
>been inserting ad_server = x into the sssd.conf to improve performance.
>
>I noticed that if I do not insert ad_server = x, I'm getting different
>results. My initial id request is very slow but seems to produce results.
>While searching, it seems to also be 'inserting' users into the users hash
>table - almost as if it's searching and inserting our entire user database?
>For example there are countless lines of the following:
>(Fri Sep 1 09:28:37 2017) [sssd[be[example.com]]] [sdap_nested_group_hash_insert] (0x4000): Inserting [CN=user_name,OU=bla,OU=bla Users,DC=dow,DC=com] into hash table [users]
>
>As my initial id request returns, it seems to return several chunks of my
>group ids at once as if it's processing them individually and searching all
>users in that group (thus the above log entries).
>
>Not sure if this helps or just muddies up the issue but it's strange indeed.
>

You needn't hardcode ad_server. You can still rely on DNS discovery.
I assume you use sites in AD. So you can "pin" sssd to your local/nearest
site with option ad_site.

More details in man sssd-ad -> ad_site

LS
_______________________________________________
sssd-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
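
Added example, not part of the original message: a constructed sssd.conf fragment showing the hardcoded ad_server setting described in the question beside the ad_site setting suggested in the reply. The domain name example.com, the host dc1.example.com and the site name Example-Site are placeholders, not values from this thread.

```ini
# Constructed fragment; example.com, dc1.example.com and Example-Site
# are placeholders to be replaced with the real domain, host and AD site.
[sssd]
services = nss, pam
domains = example.com

[domain/example.com]
id_provider = ad
ad_domain = example.com

# Before: a single hardcoded domain controller. Lookups are fast while it
# is up, but there is no other server to fail over to when it is not.
# ad_server = dc1.example.com

# After: leave ad_server unset so DNS discovery stays in use, and pin the
# AD site so that domain controllers from that site are tried first
# (site-scoped SRV lookup of the form _ldap._tcp.<site>._sites.<domain>).
ad_site = Example-Site
```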
