Hi John,
thanks for your input!
Sorry, I've meant ignore_group_members = true
I already read about the tmpfs idea but I worry a little when the vm fails
and then one restarts with out a connection to the domain controller the
users are not able to login anymore...
- at least that is what I am thinking
Am Do., 26. März 2020 um 16:07 Uhr schrieb John Hodrien <
J.H.Hodrien(a)leeds.ac.uk>:
On Thu, 26 Mar 2020, Jannis Mann wrote:
> Hi,
> I just want to check wether the performance of sssd is alright or if
there
> is room for improvement.
>
> I am using a binding account to query the Active Directory.
> I've configured a nesting level of 1.
>
> When I login the first time or run the id command it takes around 5 secs
to
> finish when the user is member of ~100 (nested) groups in the AD.
> It takes around 10 secs if the user is member of ~200 (nested) groups.
>
> So you can say the loading time is increasing linearly to the membership
of
> groups.
>
> Unfortunately I need to use a nesting level of 1. I've set group members
to
> false and enumeration off.
>
> Are these values in an acceptable area? What experiences did you make?
ignore_group_members = true
If you're in a situation where you can set this, it makes a massive
difference to performance (especially where you have large groups).
I've not retested with newer versions of SSSD, but in the past mounting
/var/lib/sss/db as tmpfs made another big performance difference.
We were getting >60 seconds times for an initial login of a user, which
would cause timeouts elsewhere. This ends up bringing it down to more like
one second for a typical case, and once it's been cached much faster than
that.
That was with nesting level 4.
jh_______________________________________________
sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahoste...