URL:
https://github.com/SSSD/sssd/pull/319
Title: #319: sudo: add a threshold option to reduce size of rules refresh filter
pbrezina commented:
"""
On 07/11/2017 02:38 PM, fidencio wrote:
While I'm not assigning myself as a review of this patch, there
are a
few questions that came to my mind while reading it.
Basically, what does *exactly* mean "too big to be processed by the
server"? Is this some limitation encountered on server side? Is this
something that differs on different LDAP server's implementation?
It may be a server limitation (query too big) or it may be just very
slow processing. A customer hit a bug when he had over 2k rules
refreshed in rules filter which is no good. So we need to limit it somehow.
The main reason I'm asking this is because I'm not big fond
of having
this option. While I'm pretty sure it does work, I'd prefer to have
something automatically done internally, otherwise we may just end up
answering bug reports with "please, try to tune this option to ..."
which is not exactly convenient. (Of course, I'm assuming here that we
have at least some idea about what "too big to be processed by the
server" actually means).
"""
See the full comment at
https://github.com/SSSD/sssd/pull/319#issuecomment-314435624