On 7/23/2025 10:12 PM, Gregory Carter wrote:
The RFC doesn't define how only what.
Maybe the SSSD maintainers can describe their approach to whether or
not SSSD looks for memberOf in a CN or if it automatically switches to
search mode to any groups in that CN context that it can find with a
matching uid.
I suppose the White Elephant in this thread is why should we continue
to use OpenLDAP when Samba-AD is available now and it works?
Hi Gregory,
I really don't get why you would ask this question. But my answer is:
One, OpenLDAP provides rock-solid, appliance-like reliability. Two, it
has a proven track record for delivering excellent performance
(~2500/searches/CPU core/second). The developer team very actively
maintains OpenLDAP. This problem with SSSD performance has nothing to do
with OpenLDAP, except that the rate limiting built into the product
prevented an unintentional friendly denial of service.
I understand everyone likes and is more effective with the tools that
they are familiar with, but wonder if there is another reason that
you're implying people discontinue use of OpenLDAP?
And, doesn't SambaAD not use OpenLDAP under the hood for its directory
server?
And, apologies to the list. I think we're off topic now. Does this even
relate to the SSSD issues as discussed?
--
Chris Paul | Rex Consulting |https://www.rexconsulting.net
--
_______________________________________________
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
