Sorry for the blind email, but we are hitting a wall. We currently use ODSEE LDAP for OS auth services. With the migration to sssd we are noticing that connection time takes an unacceptable amount of time. We have done some debugging and notice that SSSD pulls all of the users POSIX object class attributes from LDAP. We use host attributes to granularly regulated who can log in where. With some users having 10K host attributes, it takes a while for sssd to import and cache all that information. If there anyway to stop SSSD from caching all the users info? Maybe just the uid, passwd and shadow?
On Thu, Dec 04, 2014 at 09:05:55PM +0000, PATRICK wrote:
Sorry for the blind email, but we are hitting a wall. We currently use ODSEE LDAP for OS auth services. With the migration to sssd we are noticing that connection time takes an unacceptable amount of time. We have done some debugging and notice that SSSD pulls all of the users POSIX object class attributes from LDAP. We use host attributes to granularly regulated who can log in where. With some users having 10K host attributes, it takes a while for sssd to import and cache all that information. If there anyway to stop SSSD from caching all the users info? Maybe just the uid, passwd and shadow?
Can you paste your (sanitized) sssd.conf ?
do you use enumerate=true ?
On 12/04/2014 04:05 PM, PATRICK wrote:
Sorry for the blind email, but we are hitting a wall. We currently use ODSEE LDAP for OS auth services. With the migration to sssd we are noticing that connection time takes an unacceptable amount of time. We have done some debugging and notice that SSSD pulls all of the users POSIX object class attributes from LDAP. We use host attributes to granularly regulated who can log in where. With some users having 10K host attributes, it takes a while for sssd to import and cache all that information. If there anyway to stop SSSD from caching all the users info? Maybe just the uid, passwd and shadow?
sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
What is the setting for the enumerate configuration option in sssd.conf? Is it set to true?
sssd-users@lists.fedorahosted.org