URL:
https://github.com/SSSD/sssd/pull/319
Title: #319: sudo: add a threshold option to reduce size of rules refresh filter
fidencio commented:
"""
On Tue, Jul 11, 2017 at 3:00 PM, Pavel Březina <notifications(a)github.com>
wrote:
On 07/11/2017 02:38 PM, fidencio wrote:
> While I'm not assigning myself as a review of this patch, there are a
> few questions that came to my mind while reading it.
>
> Basically, what does *exactly* mean "too big to be processed by the
> server"? Is this some limitation encountered on server side? Is this
> something that differs on different LDAP server's implementation?
It may be a server limitation (query too big) or it may be just very
slow processing. A customer hit a bug when he had over 2k rules
refreshed in rules filter which is no good. So we need to limit it somehow.
Yep. I'm totally fine about limiting it. But do we really need to expose an
option for this?
Couldn't we go for 1024 rules being the maximum supported number and that's
it? (Of course, we still should have it documented).
> The main reason I'm asking this is because I'm not big fond of having
> this option. While I'm pretty sure it does work, I'd prefer to have
> something automatically done internally, otherwise we may just end up
> answering bug reports with "please, try to tune this option to ..."
> which is not exactly convenient. (Of course, I'm assuming here that we
> have at least some idea about what "too big to be processed by the
> server" actually means).
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<
https://github.com/SSSD/sssd/pull/319#issuecomment-314435624>, or mute
the thread
<
https://github.com/notifications/unsubscribe-auth/AAG4ep87hegrpdx6ICqz5_l...
.
"""
See the full comment at
https://github.com/SSSD/sssd/pull/319#issuecomment-314437974