slow login with sssd and ldap config

Eric Doutreleau Eric.Doutreleau at it-sudparis.eu
Tue Jun 15 13:55:19 UTC 2010


thanks for the info stephen

Le 15/06/2010 15:50, Stephen Gallagher a écrit :
> On 06/15/2010 09:03 AM, Eric Doutreleau wrote:
>> ok thanks for the precision stephen
>> do you know when enumeration took place?
>> Is there a way to have only groups cache for a long time
>>
>
> When enumerate=True, we behave in the following way (by default):
>
> At the startup of the SSSD, we connect to LDAP and do a search over the
> entire ldap_search_base (or ldap_user_search_base +
> ldap_group_search_base). We then store all of the users and groups into
> the local cache. Every 120s (default, configurable), we do a search
> against the same base for objects with a last modified time more recent
> than the last time we did an update, and then copy those users and
> groups down and update them.
>
> Every 24 hours, we'll do another full enumeration, just to ensure that
> our intermediate updates haven't changed.
>
> There is no way to set group cache timeout separate from users, since
> the two objects are closely related.
>


More information about the users mailing list