On Tue, 2012-01-03 at 15:51 -0500, Peter Larsen wrote: > Pavel, > Are you sure the LDAP server allows listing all users? It's quite normal > to turn that off. By default, SSSD doesn't allow listing all users/groups because it presents significant load on the server. You can enable it by adding 'enumerate = True' to the [domain/default] section of /etc/sssd/sssd.conf and then restarting SSSD (with 'service sssd restart') It may take several minutes before the results are viewable as SSSD retrieves them all and caches them, depending on the size of your LDAP server. (After the initial caching period, the lookups will be fast) In general, you probably want to review what your scripts are doing and see if you can't make them more efficient by using specific lookups.
Attachment:
signature.asc
Description: This is a digitally signed message part
-- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org