Greetings,
we run some podman containers that come with their own local users, such as this one:
ironic-inspector:x:42461:42461::/var/lib/ironic-inspector:/usr/sbin/nologin

when running a top on the server, top tries to resolve the user name for that id and fails, however there is still a BE_REQ_USER request sent:
(2022-12-30 22:42:33): [be[MY.DOMAIN.NET]] [dp_get_account_info_send] (0x0200): Got request for [0x1][BE_REQ_USER][idnumber=42461]

I would hope to get rid of these requests against the domain.
unfortunately in MY.DOMAIN.NET there are uids below and above this number, so I cannot rely on the "min_id" parameter to filter users.
I would like to know if it is possible to support using user ids in the [nss] filter_users to prevent those user requests to the domain, or if anyone has any other suggestion.

I increased the entry_negative_timeout to reduce the number of queries, but filtering them out entirely would be even better.
Thank you!
_______________________________________________
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue