[SSSD-users] Re: Behaviour of refresh_expired_interval
On Tue, Jul 03, 2018 at 02:12:22PM +0200, John Hearns wrote:
I have an AD setup where users can be a member of perhaps 130
groups.
When I run 'groups jbloggs' this can take 90 seconds or even longer.
I have reduced that time to perhaps 20 seconds by setting
ignore_group_members = TRUE
Once the information is cached the groups command returns in less that one
second.
However, after a length of time the cache seems to be invalidated and the
information is fetched again from the server, taking 20 seconds again.
The cacheing parameters are set to:
entry_cache_timeout = 5400
entry_cache_user_timeout = 5400
entry_cache_group_timeout = 5400
refresh_expired_interval = 4000
Surely this means that after 4000 seconds the user and group information is
refreshed in the background.
So a user running the groups command would always see freshly cached values?
With 'debug_level=6' or higher in the [domain/...] section of sssd.conf you
should be able to see messages like 'Refreshing <username> in domain
<domainname>' in domain log file when is refresh task is running.
bye,
Sumit
Clearly I am not understanding something here.
_______________________________________________
sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/sssd-users@lists.fedorahost...