Hi John, thanks for your input!
Sorry, I've meant ignore_group_members = true I already read about the tmpfs idea but I worry a little when the vm fails and then one restarts with out a connection to the domain controller the users are not able to login anymore... - at least that is what I am thinking Am Do., 26. März 2020 um 16:07 Uhr schrieb John Hodrien < [email protected]>: > On Thu, 26 Mar 2020, Jannis Mann wrote: > > > Hi, > > I just want to check wether the performance of sssd is alright or if > there > > is room for improvement. > > > > I am using a binding account to query the Active Directory. > > I've configured a nesting level of 1. > > > > When I login the first time or run the id command it takes around 5 secs > to > > finish when the user is member of ~100 (nested) groups in the AD. > > It takes around 10 secs if the user is member of ~200 (nested) groups. > > > > So you can say the loading time is increasing linearly to the membership > of > > groups. > > > > Unfortunately I need to use a nesting level of 1. I've set group members > to > > false and enumeration off. > > > > Are these values in an acceptable area? What experiences did you make? > > ignore_group_members = true > > If you're in a situation where you can set this, it makes a massive > difference to performance (especially where you have large groups). > > I've not retested with newer versions of SSSD, but in the past mounting > /var/lib/sss/db as tmpfs made another big performance difference. > > We were getting >60 seconds times for an initial login of a user, which > would cause timeouts elsewhere. This ends up bringing it down to more like > one second for a typical case, and once it's been cached much faster than > that. > > That was with nesting level 4. > > jh_______________________________________________ > sssd-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] >
_______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
