Title: #319: sudo: add a threshold option to reduce size of rules refresh filter
While I'm not assigning myself as a reviewer of this patch, there are a few questions
that came to my mind while reading it.
Basically, what does **exactly** mean "too big to be processed by the server"?
Is this some limitation encountered on server side? Is this something that differs on
different LDAP server's implementation?
The main reason I'm asking this is because I'm not big fond of having this option.
While I'm pretty sure it does work, I'd prefer to have something automatically
done internally, otherwise we may just end up answering bug reports with "please, try
to tune this option to ..." which is not exactly convenient. (Of course, I'm
assuming here that we have at least some idea about what "too big to be processed by
the server" actually means).
Please, let me know what you think about my suggestion, @pbrezina.
See the full comment at https://github.com/SSSD/sssd/pull/319#issuecomment-314430250