On 11/30/22 21:46, Christian, Mark wrote:
Are there other options I should consider in order to get sssd-ldap to perform similarily to nss_ldap?
NSS_LDAP
/etc/ldap.conf
It seems you're using PADL's classic nss_ldap. If yes, then you've also enabled nscd I guess. While I dislike nscd for historic reasons its NSS map query performance is the maximum you can expect. (I took this as reference when benchmarking my custom NSS/PAM demon for Æ-DIR.)
IIRC it's not supported to cache passwd and group maps served by libnss_sss with nscd.
The first thing I'd try is to enable full enumeration of the maps in sssd.conf. IIRC this can lead to other problems if you have several ten thousands of users and groups. YMMV.
Ciao, Michael.