On 4/12/16 12:15 PM, Todor Petkov wrote:
On 4/12/2016 7:56 PM, David Nelson wrote:
On 04/12/2016 09:51 AM, James Hogarth wrote:
To the OP enumerate is always painful, I'd remove that for a start.
This was my experience too, for what it's worth. When I first set up a
new system pointed at LDAP it was absurdly slow to authenticate. Setting
Enumerate to False in /etc/sssd/sssd.conf made all the difference.
Hello,
I had similar problem recently with Centos6 machine, which was in
another country and had ~100ms latency to the LDAP server.
When I did "id user", it took around 20 seconds. I did some debugging,
and when the user was not a member of additional groups, it was much
faster (5 seconds), but still slow.
It seems that for each member of a group, the client did a query to the
LDAP server. I put "ignore_group_members = true" in sssd.conf and now
it's much faster. Can you try this?
Regards,
In my particular case the server is already widely used so I'm not in a
good position to test it. But next time I have to set up a new system
that authenticates against LDAP, I'll be sure to do that!
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
