On 06/15/2010 09:03 AM, Eric Doutreleau wrote: > ok thanks for the precision stephen > do you know when enumeration took place? > Is there a way to have only groups cache for a long time > When enumerate=True, we behave in the following way (by default): At the startup of the SSSD, we connect to LDAP and do a search over the entire ldap_search_base (or ldap_user_search_base + ldap_group_search_base). We then store all of the users and groups into the local cache. Every 120s (default, configurable), we do a search against the same base for objects with a last modified time more recent than the last time we did an update, and then copy those users and groups down and update them. Every 24 hours, we'll do another full enumeration, just to ensure that our intermediate updates haven't changed. There is no way to set group cache timeout separate from users, since the two objects are closely related. -- Stephen Gallagher RHCE 804006346421761 Delivering value year after year. Red Hat ranks #1 in value among software vendors. http://www.redhat.com/promo/vendor/ -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
