From: Ian Kent
Sent: Tuesday, March 17, 2015 6:37 AM
If an indirect map has the "browse" (or ghost) option the entire map
[...]
Direct maps must always be read completely because the direct mount
Ah, yes, we do not use the ghost option or direct maps, so I did not consider that use
case.
I think we discussed this at the time and, given the cases, decided
it
was best for sss to read the entire map and cache it since it might need
to be able to supply the entire map and can't know if that will be the
case.
On the other hand, there are cases such as mine where not only is reading the entire map
unnecessary but inadvisable and practically infeasible 8-/. For my deployment, using sssd
to access autofs data in ldap rather than autofs accessing it directly would drastically
increase the load on the LDAP server, which seems completely cross purpose to the
existence of sssd. Currently there is sporadic load as individual entries (probably no
more than 10-1000 or so in a given day, depending on the server) are looked up. With sssd,
all 120000 entries would be pulled over on an ongoing basis throughout the day (I'm
not sure how often it refreshes its local cache).
That's okay though, I don't really have any strong need to use sssd for autofs. I
just thought it would be interesting to look into given the new RHEL6 support from the
perspective of centralizing all LDAP lookups into one place. Assuming there are no planned
changes to the native autofs ldap support, that meets our needs fine.
Thanks…