Can I list all users defined in LDAP (on RHEL6 or Fedora) ?
Stephen Gallagher
sgallagh at redhat.com
Tue Jan 3 21:10:36 UTC 2012
On Tue, 2012-01-03 at 15:51 -0500, Peter Larsen wrote:
> Pavel,
> Are you sure the LDAP server allows listing all users? It's quite normal
> to turn that off.
By default, SSSD doesn't allow listing all users/groups because it
presents significant load on the server. You can enable it by adding
'enumerate = True' to the [domain/default] section
of /etc/sssd/sssd.conf and then restarting SSSD (with 'service sssd
restart')
It may take several minutes before the results are viewable as SSSD
retrieves them all and caches them, depending on the size of your LDAP
server. (After the initial caching period, the lookups will be fast)
In general, you probably want to review what your scripts are doing and
see if you can't make them more efficient by using specific lookups.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
URL: <http://lists.fedoraproject.org/pipermail/users/attachments/20120103/b85b129b/attachment.sig>
More information about the users
mailing list