Well, In my environment I've a single server that I've updated to 1.12.5, and timings I get are:
No cache: 2.87s Cache: 0.014s
Still a little painful. I will experiment with refresh_expired_interval...
John
On 21 July 2015 at 11:26, Евгений evgen787@mail.ru wrote:
Domain user with ~ +300 groups
- sss_cache -E
- login to ssh domain user and run sudo su - ( ~+10 sec)
Domain user with ~ 50 groups
- sss_cache -E
- login to ssh domain user and run sudo su - ( ~3-4 sec). (in the
principles of tolerance)
what can be done in this version? :)
Вторник, 21 июля 2015, 11:37 +02:00 от Jakub Hrozek jhrozek@redhat.com:
On Tue, Jul 21, 2015 at 12:29:39PM +0300, Евгений wrote:
Hi :)
- sssd in this thread is - sssd-1.11.6-30.el6_6.4.x86_64
- sssd_nss.log:
many,many requests... (sample)
(Mon Jul 20 18:58:02 2015) [sssd[nss]] [nss_cmd_getpwnam_search]
(0x0100): Requesting info for [_hd_notice@domain.local]
(Mon Jul 20 18:58:02 2015) [sssd[nss]] [sss_dp_issue_request] (0x0400):
Issuing request for [0x418850:1:_hd_notice@domain.local]
(Mon Jul 20 18:58:02 2015) [sssd[nss]] [sss_dp_get_account_msg]
(0x0400): Creating request for [domain.local][4097][1][name=_hd_notice]
(Mon Jul 20 18:58:02 2015) [sssd[nss]] [sss_dp_internal_get_send]
(0x0400): Entering request [0x418850:1:_hd_notice@domain.local]
Cant load all logs:)
Did you check how long a single group typically takes? Since you're already using ignore_group_members, it should be pretty swift.
So,problem is a user who has a lot of nested groups in AD. 2) If you're running a recent enough version, maybe the background refresh would be useful..
refresh_expired_interval?
Yes, but you're running RHEL/CentOS 6.6, that's not recent enough, sorry. The background refresh will be released in 6.7 (which is supposed to be out Any Day Now) _______________________________________________ sssd-users mailing list sssd-users@lists.fedorahosted.org https://e.mail.ru/compose?To=sssd%2dusers@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users