Re: saslauthd with mech "kerberos5" generates a lot of ldap-load

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



> I presume you have /etc/nsswitch.conf configured to use sssd for user/group
> resolution, and that you have 'auth_mech: unix' and 'unix_group_enable: 1'
> set in imapd.conf.
> If you do not make use of group based ACLs, consider turning off
> unix_group_enable. If you do make use of it, use pts/ldap. "Unix" group
> resolution can be very inefficient, as you would typically iterate over an
> entire group tree to resolve group membership on each authentication.

"unix_group_enable: 0" solved my problem, thank you !

What for is the "auth_mech: unix" ? For group management I understand, I can have
a mailbox for a group, then imap needs to know who is member of this group.

But with "unix_group_enable: 0", what for is the auth_mech needed ? When I shut down
the local user management (sssd), everything seems to work.


[Index of Archives]     [Info Cyrus]     [Squirrel Mail]     [Linux Media]     [Yosemite News]     [gtk]     [KDE]     [Gimp on Windows]     [Steve's Art]

  Powered by Linux