On Fri, Dec 18, 2020 at 02:51:40PM +0000, Sanjay Agrawal wrote: > Thanks for the reply. > > 1. Yes we have enumeration enabled due to legacy applications. > 2. If some objects are removed from LDAP/AD server, but they would > expire in local persistent cache based on timeout value. What is > downside of leaving expired entries in persistent cache besides just > space. I am assuming that enumeration look up and lookup of those > objects would not return them since they are expired.
No, expired objects are typically returned to allow offline operation. That's why the purge task is important. > 3. What is downside if we increase ldap_purge_cache_timeout to a large > value, so it does not get run. This might be a workaround but I'd suggest to run it at least once a week to delete entries from the cache which are removed on the server (see above). > 4. is cleanup_users/cleanup_groups are debug_level 9 entries, which > corresponds to this cleanup ? Yes, those are the functions run by the cleanup task. bye, Sumit > Thanks,Sanjay Agrawal > > On Friday, December 18, 2020, 05:08:20 AM EST, Sumit Bose > <[email protected]> wrote: > > On Thu, Dec 17, 2020 at 09:53:39PM +0000, Sanjay Agrawal wrote: > > Hi, > > I found following article. and we think we are running into same issue. We > > are running sssd with RHEL 7.9. I have following questions - > > Hi, > > > 1. Is this issue fixed with RHEL 7.9 ? > > Yes, the issue as described in the bugzilla ticket is fixed. > > > 2. Is it possible to disable periodic run of purge. We basically dont > > want to purge in favor of performance improvement. > > If you have enumeration enabled the purge is not enabled to improve > performance but to make sure objects which are deleted on the LDAP > server are deleted in SSSD's cache as well. So it is part of the > enumeration functionality and cannot be disabled. > > In general we do not recommend to enable enumeration only if there are > specific reason, e.g. legacy applications. May I ask if you have > enumeration enable and if yes, why? > > > 3. If so what is the downside of it. > > see above > > > 4. How do I verify is this is impacting us. I see very high cpu every 3 > >hours. I thought this may be the cause. > > You can increase the debug_level and inspect the logs covering the time > of the high CPU load. For this you can add 'debug_level = 9' to the > [domain/...] section, restart SSSD and let it run for a couple of hours. > Then remove the 'debug_level' option and restart SSSD to avoid further > logging. > > bye, > Sumit > > > > > > > 1430415 – ldap_purge_cache_timeout in RHEL7.3 invalidate most of the > > entries once the cleanup task kicks in > > > > Thanks,Sanjay Agrawal > > > _______________________________________________ > > sssd-users mailing list -- [email protected] > > To unsubscribe send an email to [email protected] > > Fedora Code of Conduct: > > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > > List Archives: > > https://lists.fedorahosted.org/archives/list/[email protected] > _______________________________________________ > sssd-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] > > _______________________________________________ > sssd-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] _______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
