Thanks for the reply.

1. Yes, we have enumeration enabled due to legacy applications.
2. If some objects are removed from the LDAP/AD server, they would expire in
   the local persistent cache based on the timeout value. What is the downside
   of leaving expired entries in the persistent cache besides just space? I am
   assuming that enumeration lookups and lookups of those objects would not
   return them since they are expired.
3. What is the downside if we increase ldap_purge_cache_timeout to a large
   value, so it does not get run?
4. Are cleanup_users/cleanup_groups the debug_level 9 entries which correspond
   to this cleanup?

Thanks,
Sanjay Agrawal

    On Friday, December 18, 2020, 05:08:20 AM EST, Sumit Bose 
<[email protected]> wrote:  
 
 On Thu, Dec 17, 2020 at 09:53:39PM +0000, Sanjay Agrawal wrote:
> Hi, 
> I found the following article, and we think we are running into the same
> issue. We are running sssd with RHEL 7.9. I have the following questions -

Hi,

> 1. Is this issue fixed with RHEL 7.9 ?

Yes, the issue as described in the bugzilla ticket is fixed.

>  2. Is it possible to disable the periodic run of the purge? We basically
>  don't want to purge, in favor of performance improvement.

If you have enumeration enabled the purge is not enabled to improve
performance but to make sure objects which are deleted on the LDAP
server are deleted in SSSD's cache as well. So it is part of the
enumeration functionality and cannot be disabled.

In general we do not recommend enabling enumeration unless there are
specific reasons, e.g. legacy applications. May I ask if you have
enumeration enabled and if yes, why?

>  3. If so what is the downside of it.

see above

>  4. How do I verify if this is impacting us? I see very high CPU every 3
>  hours. I thought this may be the cause.

You can increase the debug_level and inspect the logs covering the time
of the high CPU load. For this you can add 'debug_level = 9' to the
[domain/...] section, restart SSSD and let it run for a couple of hours.
Then remove the 'debug_level' option and restart SSSD to avoid further
logging.

bye,
Sumit

> 
> 
> 1430415 – ldap_purge_cache_timeout in RHEL7.3 invalidate most of the entries 
> once the cleanup task kicks in
> 
> Thanks,Sanjay Agrawal

> _______________________________________________
> sssd-users mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
> Fedora Code of Conduct: 
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: 
> https://lists.fedorahosted.org/archives/list/[email protected]

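One way to do the log inspection Sumit describes, as an added example that is not part of the original thread or of SSSD: group the cleanup entries in a debug_level 9 domain log into runs, so their start times and spacing can be compared with the CPU spikes. Assumptions: the log line layout in the comment, that `cleanup_users`/`cleanup_groups` (the names asked about in the thread, not confirmed there) mark the cleanup task, and the sample log lines, which are constructed.

```python
import re
from datetime import datetime, timedelta

# Assumed layout of an SSSD domain log line:
# (Fri Dec 18 03:00:01 2020) [sssd[be[example.com]]] [function] (0x0200): text
LINE_RE = re.compile(
    r"^\((?P<ts>[^)]+)\) \[sssd\[be\[[^\]]*\]\]\] \[(?P<func>\w+)\] \(0x[0-9a-fA-F]+\):"
)
# Function tags taken from the question in the thread; assumed cleanup markers.
CLEANUP_FUNCS = {"cleanup_users", "cleanup_groups"}

def cleanup_runs(lines, max_gap=timedelta(minutes=5)):
    """Group cleanup entries into runs; return [(start, end, entry_count)]."""
    runs = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m.group("func") not in CLEANUP_FUNCS:
            continue
        try:
            ts = datetime.strptime(m.group("ts"), "%a %b %d %H:%M:%S %Y")
        except ValueError:
            continue  # timestamp in another format (e.g. with microseconds)
        if runs and ts - runs[-1][1] <= max_gap:
            # Entry is close to the previous one: extend the current run.
            runs[-1] = (runs[-1][0], ts, runs[-1][2] + 1)
        else:
            runs.append((ts, ts, 1))
    return runs

def intervals(runs):
    """Time between the starts of consecutive runs."""
    return [b[0] - a[0] for a, b in zip(runs, runs[1:])]

# Constructed sample log lines (not taken from a real system).
SAMPLE_LOG = """\
(Fri Dec 18 03:00:01 2020) [sssd[be[example.com]]] [cleanup_users] (0x0200): constructed entry 1
(Fri Dec 18 03:00:40 2020) [sssd[be[example.com]]] [cleanup_users] (0x0200): constructed entry 2
(Fri Dec 18 03:02:10 2020) [sssd[be[example.com]]] [cleanup_groups] (0x0200): constructed entry 3
(Fri Dec 18 04:10:00 2020) [sssd[be[example.com]]] [sdap_get_generic_done] (0x0400): unrelated entry
(Fri Dec 18 06:00:02 2020) [sssd[be[example.com]]] [cleanup_users] (0x0200): constructed entry 4
(Fri Dec 18 06:01:30 2020) [sssd[be[example.com]]] [cleanup_groups] (0x0200): constructed entry 5
"""

if __name__ == "__main__":
    found = cleanup_runs(SAMPLE_LOG.splitlines())
    for start, end, count in found:
        print(f"run at {start}: {count} entries over {(end - start).total_seconds():.0f}s")
    print("intervals between runs:", [str(i) for i in intervals(found)])
```

Run times that line up with the CPU spikes, at a regular spacing, point to the cleanup task; long runs show how much time each purge takes.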