On 5 November 2020 13:58:54 CET, Nico Kadel-Garcia <nkadel(a)gmail.com> wrote:
>sssd also breaks other LDAP setups. It's extremely broken with larger
>LDAP setups because it insists on caching *ALL* of the LDAP, barring
>being able to filter to only a smaller set of the LDAP. But because so
>many LDAP setups scatter group and user information in so many
>distinct parts of the LDAP layout, this never works and it *ALWAYS*
>times out in large, remote LDAP setups. It works for a few seconds at
>start time, then crashes and takes out *all* sssd based services.

I don't share this experience and I run sssd in large environments. Sssd will by
default look up the user authenticating, the groups that user belongs to and all members of
those groups.
Looking up group members is easily turned off and leads to a much smoother experience from
what I have seen.
I still don't think deprecating nscd seems like a reasonable change. Change defaults,
well ok. Deprecating, I don't really see why tbh.