Before opening a bug report, I wanted to discuss a new issue here. I have ldap users that are in 1500 groups (yeah, I know ... not my choice either), ldap is using rfc2307 scheme (openldap, redhat EL7). Now, when connecting sssd to this ldap server, I've already set enumeration=false, and also ignore_group_members=true (performance ...). However, with ignore_group_members=true, I'm getting this in the sssd_nss.log when doing a 'groups <userid>" command:
[sssd[nss]] [sss_mc_find_record] (0x0010): Corrupted fastcache. name_ptr value is 16 (once when the cache is empty, and after that once or twice per groups-request). I also see this in /var/log/messages (related of course): sssd[nss]: Stored copy of corrupted mmap cache in file '/var/lib/sss/mc/group_corrupted#012' As a result, this prevents the use of the sssd fast cache, so group requests at best take 5.5 seconds. Now this problem happens 95% of the cases (which leads me to believe it is a timing bug), but when I set ignore_group_members=false, this is not happening (and when groups are ok in the fast cache: 0,03 secs response time). Ideas? Hints? Or should I just go and open a bug report? Is there a real performance drawback to setting ignore_group_members=false? Thanks, Franky _______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected]
