Hello,
Enumeration puts a lot of load on your directory. And with a big directory it can take several minutes pegging CPU and slowing down the performance of the client. Yes it is by design. SSSD will fetch and cache things on as needed basis. There are other means and tools that come with sssd that will help you to check if it is working or not.
Thank you Dmitri
On Wed, Jun 5, 2019 at 4:05 AM Alexander Fieroch < alexander.fieroch@mpi-dortmund.mpg.de> wrote:
Hi,
I've set "enumerate = true" in sssd.conf which is working good for me and our AD clients. Now I recognized that RedHat does not recommend "enumerate = true" in sssd.conf:
https://access.redhat.com/solutions/500433
When I disable enumarate in sssd, "getent passwd" does not list AD users anymore. Is this normal behavior? I use "getent passwd" for a quick test if sssd is working and finding AD users...
Best regards, Alexander
sssd-users@lists.fedorahosted.org