I am still having a lot of problems with group resolution in sssd.
User logins can take anything up to two minutes, or longer.
When I time the command groups username for a selected username thish can take two or
more minutes to return.
I have this set:
ldap_schema = ad
ldap_group_nesting_level = 0
ldap_groups_use_matching_rule_in_chain = True
ldap_initgroups_use_matching_rule_in_chain = True
How can one tell what the appropriate ldap_schema is for our AD controllers?
Also the information is not cached for long enough. I set
enum_cache_timeout = 1200
entry_cache_timeout = 5400
entry_cache_user_timeout = 5400
entry_cache_group_timeput = 5400
I really do not see groups information being cached for 90 minutes
Show replies by date