slow login with sssd and ldap config
sgallagh at redhat.com
Thu Jun 10 11:12:49 UTC 2010
On 06/10/2010 05:50 AM, Eric Doutreleau wrote:
> ahhh i took a day to write the mail and i found the solution 5 minutes
> just after write the mail
> i add
> ldap_group_search_base = ou=Groups,dc=int-evry,dc=fr
> and it s far faster
> sorry to have disturbed
Hmm, this shouldn't have had a direct effect. If unspecified,
ldap_group_search_base should default to being the same as
ldap_search_base. Unless your LDAP server is incredibly large (and no
indexing is being performed), setting this should not have a measurable
effect. The primary purpose for this option is for LDAP deployments
where users and groups are in vastly disparate sections of the tree.
I'm more concerned that there's a bug in our processing when only one of
the two options is specified. I'm CCing one of our upstream QE engineers
to try and reproduce your original performance issue. I think you may
have found a bug here.
Eric, if you would also be willing to try it, I'm curious if you still
see this problem with only ldap_search_base specified (without
ldap_user_search_base and ldap_group_search_base)
Delivering value year after year.
Red Hat ranks #1 in value among software vendors.
More information about the users