On Tue, Oct 07, 2014 at 05:15:35PM +0200, François Dagorn wrote:
Le 07/10/2014 17:11, John Hodrien a écrit :
On Tue, 7 Oct 2014, François Dagorn wrote:
Attached the log file with debug=9 and also our sssd.conf.
Do you have a really good reason to enable enumerate?
John,
I've a reason, not so good indeed, without enumerate lightdm does not work !
Wow, if they rely on getpwent() and friends, then I would call lightdm broken, sorry.. I guess using something like utmp and providing a button to type in the username would be much better..
One thing that might help you is enabling some kind of lastUSN attribute or similar on the server. I don't remember if OpenLDAP has this by default, but using lastUSN might decrease the amount of data that is fetched from the server..
Alternatively, you might want to play with the ldap search bases to set some filter that would match fewer entries (be careful to only use indexed attributes, otherwise a custom query might thrash the server side performance as well)