slow login with sssd and ldap config

Stephen Gallagher sgallagh at
Thu Jun 10 11:12:49 UTC 2010

On 06/10/2010 05:50 AM, Eric Doutreleau wrote:
> ahhh i took a day to write the mail and i found the solution 5 minutes
> just after write the mail
> i add
> ldap_group_search_base = ou=Groups,dc=int-evry,dc=fr
> and it s far faster
> sorry to have disturbed

Hmm, this shouldn't have had a direct effect. If unspecified, 
ldap_group_search_base should default to being the same as 
ldap_search_base. Unless your LDAP server is incredibly large (and no 
indexing is being performed), setting this should not have a measurable 
effect. The primary purpose for this option is for LDAP deployments 
where users and groups are in vastly disparate sections of the tree.

I'm more concerned that there's a bug in our processing when only one of 
the two options is specified. I'm CCing one of our upstream QE engineers 
to try and reproduce your original performance issue. I think you may 
have found a bug here.

Eric, if you would also be willing to try it, I'm curious if you still 
see this problem with only ldap_search_base specified (without 
ldap_user_search_base and ldap_group_search_base)

Stephen Gallagher
RHCE 804006346421761

Delivering value year after year.
Red Hat ranks #1 in value among software vendors.

More information about the users mailing list