On Wed, Feb 22, 2023 at 11:31 PM Prentice Bisbal <[email protected]> wrote: > > On 2/22/23 4:14 PM, Patrick Riehecky wrote: > > Is there a way to get results in `getent passwd` from a files domain > > with enumerate=false? > > > > relevant domain snippet: > > [domain/FNAL.GOV] > > auth_provider=krb5 > > id_provider=files > > enumerate=false > > > > > > When I change from `enumerate=false` to `enumerate=true` I get > > everything I'd expect from `getent passwd`. > > > > The load time on my enormous file is painful with enumerate=true. > > > > Pat > > > > Are you providing a username to getent like this for user foo? > > getent passwd foo > > That should give you the passwd file entry for user foo when > enumerate=false (and even when it's true!) > > > The load time on my enormous file is painful with enumerate=true. > > That is why enumerate=false is the default for sssd enumerating through > every possible value puts a huge load on SSSD, so shouldn't be used at > sites with a large number of user accounts.
Actually 'files provider' is somewhat special: 1) it always reads the entire /etc/passwd into SSSD cache, so there should be no difference CPU load wise. 2) IIRC, 'files provider' doesn't actually respond to enumeration request because typically there is also 'files' in 'passwd:' database that enumerates and glibc concatenates results From a practical point of view, for 'auth_provider=krb5' & local users case we now tend to recommend using 'id_provider = proxy' with lib 'files'. 'Files provider' might be deprecated / removed upstream going forward. _______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
