Re: slow login with sssd and ldap config

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 06/15/2010 09:03 AM, Eric Doutreleau wrote:
> ok thanks for the precision stephen
> do you know when enumeration took place?
> Is there a way to have only groups cache for a long time
>

When enumerate=True, we behave in the following way (by default):

At the startup of the SSSD, we connect to LDAP and do a search over the 
entire ldap_search_base (or ldap_user_search_base + 
ldap_group_search_base). We then store all of the users and groups into 
the local cache. Every 120s (default, configurable), we do a search 
against the same base for objects with a last modified time more recent 
than the last time we did an update, and then copy those users and 
groups down and update them.

Every 24 hours, we'll do another full enumeration, just to ensure that 
our intermediate updates haven't changed.

There is no way to set group cache timeout separate from users, since 
the two objects are closely related.

-- 
Stephen Gallagher
RHCE 804006346421761

Delivering value year after year.
Red Hat ranks #1 in value among software vendors.
http://www.redhat.com/promo/vendor/
-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux