No. It isn't. "enumerate" is at default, which is false. Having enumeration on slows things down. In fact I have "ignore_group_members = true" to speed things up even more.
The domain LDB cache file isn't even that big. Less than 100 entries. Thanks for your thoughts though. This is a really odd problem only happening on a few boxes. I suspect a bug in the release I'm running, but I wanted to try to verify it. - Jim On 2019-05-31 12:44, Lawrence Kearney wrote: > Given what you're describing I would suspect that enumeration is set > to "true" and the cache is being overwhelmed cyclically. > > Just a thought, > > > -- lawrence > > On Fri, May 31, 2019 at 2:09 PM Jim Burwell <[email protected]> wrote: > > Hi, > > I'm experiencing an issue with SSSD 1.11.5 running on Ubuntu 12.04.5 > LTS. It's using the AD provider, pointing to AD servers with POSIX > groups configured (ldap_id_mapping = False). > > The issue I'm experiencing is that all of a user's groups vanishes > from > "id" and "groups" after several hours (appears to be 8-12 hours), > except > for his/her login group. > > sss_cache -E doesn't fix it > > Restarting SSSD doesn't fix it. > > However, stopping SSSD, removing /var/lib/sss/db/*, and restarting > SSSD > does fix it. > > After manually removing the cache files in the DB dir, SSSD will then > see all of a users groups until several hours pass, then, again, > all but > his login group will vanish until the files are removed and SSSD > restarted again. > > Is this a known issue, perhaps a bug fixed in some future version? > > BTW, if you're wondering, the SSSD version I'm using is a backport of > 1.11.5 found here in this PPA: > https://launchpad.net/~sssd/+archive/ubuntu/updates > > This is how I'm able to use the AD provider with Ubuntu 12. I > know it's > not supported, etc. I'm just looking for any insights or suggestions, > or whether a known bug exists for this version that exhibits this > "vanishing groups" behavior. > > > TIA, > > - Jim > > _______________________________________________ > sssd-users mailing list -- [email protected] > <mailto:[email protected]> > To unsubscribe send an email to > [email protected] > <mailto:[email protected]> > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > List Guidelines: > https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > > https://lists.fedorahosted.org/archives/list/[email protected] > > > > -- > Lawrence Kearney > > e: [email protected] <mailto:[email protected]> > t: +001 706.951.6257 > w: www.lawrencekearney.com <http://www.lawrencekearney.com> > l: www.linkedin.com/in/lawrencekearney > <http://www.linkedin.com/in/lawrencekearney> > > _______________________________________________ > sssd-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected]
_______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
