slow login with sssd and ldap config

Stephen Gallagher sgallagh at redhat.com
Tue Jun 15 13:50:50 UTC 2010


On 06/15/2010 09:03 AM, Eric Doutreleau wrote:
> OK, thanks for the precision, Stephen.
> Do you know when enumeration took place?
> Is there a way to have only groups cache for a long time?
>

When enumerate=True, we behave in the following way (by default):

At the startup of the SSSD, we connect to LDAP and do a search over the 
entire ldap_search_base (or ldap_user_search_base + 
ldap_group_search_base). We then store all of the users and groups into 
the local cache. Every 120s (default, configurable), we do a search 
against the same base for objects with a last modified time more recent 
than the last time we did an update, and then copy those users and 
groups down and update them.

Every 24 hours, we'll do another full enumeration, just to ensure that 
our intermediate updates haven't changed.

There is no way to set group cache timeout separate from users, since 
the two objects are closely related.

-- 
Stephen Gallagher
RHCE 804006346421761

Delivering value year after year.
Red Hat ranks #1 in value among software vendors.
http://www.redhat.com/promo/vendor/
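
The refresh cycle described in the reply above, as an added Python sketch that is not part of the original message and is not SSSD code. The dict-based directory, the class and function names, and the choice to replace the cache on a full enumeration are assumptions of this toy model; in it, a deleted object matches no "modified since" search, so it stays cached until the next full enumeration.

```python
# Toy model of the enumeration schedule from the post (hypothetical names, constructed data).
DELTA_INTERVAL = 120        # seconds between incremental searches (default per the post)
FULL_INTERVAL = 24 * 3600   # seconds between full enumerations (per the post)

class EnumCache:
    def __init__(self, directory, now=0):
        self.directory = directory   # name -> (modify_time, attrs); stands in for LDAP
        self.entries = {}
        self.log = []                # (time, kind) for every search issued
        self.full_enumeration(now)   # startup: search the entire base

    def full_enumeration(self, now):
        # Model assumption: a full enumeration replaces the cached set.
        self.entries = {n: a for n, (_, a) in self.directory.items()}
        self.last_update = self.last_full = now
        self.log.append((now, "full"))

    def delta_update(self, now):
        # Only objects modified since the last update are copied down.
        # A deleted object is never returned here, so its cached copy remains.
        for name, (mtime, attrs) in self.directory.items():
            if mtime >= self.last_update:
                self.entries[name] = attrs
        self.last_update = now
        self.log.append((now, "delta"))

    def tick(self, now):
        if now - self.last_full >= FULL_INTERVAL:
            self.full_enumeration(now)
        elif now - self.last_update >= DELTA_INTERVAL:
            self.delta_update(now)

def simulate():
    # Constructed sample directory: two users with group memberships.
    directory = {"alice": (0, {"groups": ["wheel"]}),
                 "bob": (0, {"groups": ["staff"]})}
    cache = EnumCache(directory, now=0)
    directory["alice"] = (50, {"groups": ["staff"]})  # alice modified at t=50
    del directory["bob"]                              # bob deleted at t=60
    cache.tick(120)                                   # first incremental update
    after_delta = dict(cache.entries)
    for t in range(240, FULL_INTERVAL + 1, DELTA_INTERVAL):
        cache.tick(t)                                 # runs up to the 24-hour mark
    return after_delta, cache.entries, cache.log

if __name__ == "__main__":
    after_delta, final, log = simulate()
    print("after first delta:", after_delta)
    print("after 24h full enumeration:", final)
    print("searches issued:", len(log))
```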

