On Wed, Nov 14, 2018 at 05:35:41PM +0100, Michael Ströder wrote: > HI! > > I'm currently trouble-shooting performance issues on CentOS 6.10 running > sssd 1.13.3 using sssd-ad as backend. > > Enumeration is already disabled. > > Also these options were set (DNS names obfuscated): > > ad_enabled_domains = ad1.example.com > ad_server = dc1.ad1.example.com, dc2.ad1.example.com > ad_enable_dns_sites = false > > Looking sssd still asks various naming contexts of the *many* other > trusted domains. > > Any clue how to effectively disable all "foreign" lookups?
ad_enabled_domains will ignore requests looking up users and groups from domains not listed but I guess if a user from domain ad1.example.com is a member of a group from ad2.example.com this group will still be looked up. Setting 'subdomain_provider = none' should disable all kind of domain discovery. But depending on the other stetting you might e.g. have to set ldap_idmap_default_domain_sid to tell SSSD about the domain SID of the local domain to make automatic id-mapping work. bye, Sumit > > Ciao, Michael. > _______________________________________________ > sssd-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] _______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
