On Wed, Jun 05, 2019 at 10:14:46AM +0200, Jakub Hrozek wrote: > Date: Wed, 5 Jun 2019 10:04:56 +0200 > From: Alexander Fieroch <[email protected]> > To: [email protected] > Subject: enumerate in sssd.conf > User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 > Thunderbird/60.7.0 > > Hi,
Hi, please note that the correct list for user facing questions is [email protected] > > I've set "enumerate = true" in sssd.conf which is working good for me and > our AD clients. > Now I recognized that RedHat does not recommend "enumerate = true" in > sssd.conf: > > <https://access.redhat.com/solutions/500433> > > When I disable enumarate in sssd, "getent passwd" does not list AD users > anymore. Is this normal behavior? Yes, enumerate=true does two things: - in sssd_be, starts a periodical task that downloads all entries currently served by SSSD (users, groups, netgroups, services, ..) - on the sssd_nss side, replies to getent passwd/getent group, or, on that level getpwent/getgrent/... with the contents of the cache. > I use "getent passwd" for a quick test if sssd is working and finding AD > users... Yes, it's convenient, but fetching and saving all entries is also very performance intensive, even with some optimizations like fetching only delta since the previous lastUSN change. That's why it is not recommended to use enumeration. _______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
