I have noted that enumerate loses group members(getent group) somewhat randomly(each sssd restart has a different set of lost members)

This happens in both 1.16.4 and 2.1.0

Fairly large group db, about 1550 groups

On Wed, 2019-06-05 at 10:14 +0200, Jakub Hrozek wrote:

Hi,

I've set "enumerate = true" in sssd.conf which is working good for me
and our AD clients.
Now I recognized that RedHat does not recommend "enumerate = true" in
sssd.conf:

<https://access.redhat.com/solutions/500433>

When I disable enumarate in sssd, "getent passwd" does not list AD users
anymore. Is this normal behavior?
I use "getent passwd" for a quick test if sssd is working and finding AD
users...

Best regards,
Alexander