On Tue, Jul 03, 2018 at 02:12:22PM +0200, John Hearns wrote: > I have an AD setup where users can be a member of perhaps 130 groups. > When I run 'groups jbloggs' this can take 90 seconds or even longer. > I have reduced that time to perhaps 20 seconds by setting > ignore_group_members = TRUE > > Once the information is cached the groups command returns in less that one > second. > However, after a length of time the cache seems to be invalidated and the > information is fetched again from the server, taking 20 seconds again. > The cacheing parameters are set to: > > entry_cache_timeout = 5400 > entry_cache_user_timeout = 5400 > entry_cache_group_timeout = 5400 > refresh_expired_interval = 4000 > > Surely this means that after 4000 seconds the user and group information is > refreshed in the background. > So a user running the groups command would always see freshly cached values?
With 'debug_level=6' or higher in the [domain/...] section of sssd.conf you should be able to see messages like 'Refreshing <username> in domain <domainname>' in domain log file when is refresh task is running. bye, Sumit > > Clearly I am not understanding something here. > _______________________________________________ > sssd-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/[email protected]/message/M4R23YDHWUMUZPE4QZW2CFCYVU3WTXUO/ _______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected]/message/GYL5YCE73YNOBPV6JNY2F5WVSBBRMCEC/
