[SSSD] Re: sssd behaviour with large nested netgroups.

On Mon, May 09, 2016 at 11:04:59PM -0500, Malahal Naineni wrote: > Hi All, > > We have ganesha NFS server that calls innetgr() call to validate > client request. Noticing that all ganesha threads were making innetgr() > calls and spending a lot of time there, I wrote a small script that just > repeatedly calls innetgr() with same host name but with two different > netgroups. Each call seems take about 0.5 second. I would like to know > if sssd is expected to cache innetger() results or is it left to glibc? > Does any one know if glibc caches such requests of a larger nested > subgroup? Is this behaviour expected or something badly configured here? > > Appreciate any responses. SSSD should cache netgroups similar to any other object. If the netgroup expires, we might take a bit of time with large nested hierarchies to write them all back to the cache though. Do the calls always take long or only when the cache expires?