[SSSD-users] Re: SSSD performance

I've just mounted /var/lib/sss/db to tmpfs but can't find any improvement of speed tbh I've set the nesting level to 3 for testing purposes and the user is member of around 400 groups. It still takes around 25 seconds for the initial login, with around the same time when the directory is not mount

[SSSD-users] Re: SSSD performance

On Thu, 26 Mar 2020, Jannis Mann wrote: Hi John, thanks for your input! Sorry, I've meant ignore_group_members = true I already read about the tmpfs idea but I worry a little when the vm fails and then one restarts with out a connection to the domain controller the users are not able to logi

[SSSD-users] Re: SSSD performance

Hi John, thanks for your input! Sorry, I've meant ignore_group_members = true I already read about the tmpfs idea but I worry a little when the vm fails and then one restarts with out a connection to the domain controller the users are not able to login anymore... - at least that is what I am th

[SSSD-users] Re: SSSD performance

On Thu, 26 Mar 2020, Jannis Mann wrote: Hi, I just want to check wether the performance of sssd is alright or if there is room for improvement. I am using a binding account to query the Active Directory. I've configured a nesting level of 1. When I login the first time or run the id command it

[SSSD-users] SSSD performance

Hi, I just want to check wether the performance of sssd is alright or if there is room for improvement. I am using a binding account to query the Active Directory. I've configured a nesting level of 1. When I login the first time or run the id command it takes around 5 secs to finish when the us

[SSSD-users] Re: sssd and TLS/SSL after AD Microsoft Patch

On Thu, 26 Mar 2020 at 13:00, Arnau Bria wrote: > > Hi John, > > first of all thanks for your answer. > > I'm not and AD/LDAP/SSSD expert, sorry in advance for my ignorance. I'm certainly no expert, I was just pointing you in the direction of a recent thread on this topic. > this is what I unders

[SSSD-users] Re: sssd and TLS/SSL after AD Microsoft Patch

Hi John, first of all thanks for your answer. I'm not and AD/LDAP/SSSD expert, sorry in advance for my ignorance. this is what I understand: those changes might require to use LDAP with TLS either with START_TLS on > the LDAP port or using LDAPS. I understand that we have to enforce TLS or L

[SSSD-users] Re: sssd and TLS/SSL after AD Microsoft Patch

On Thu, 26 Mar 2020 at 11:47, Arnau Bria wrote: > Dear all, > > we're preparing our sssd service to be fully compliant with the patch the > Microsfot will release soon and that will make AD reject any communication > that is not encrypted. ( *ADV190023 >

[SSSD-users] sssd and TLS/SSL after AD Microsoft Patch

Dear all, we're preparing our sssd service to be fully compliant with the patch the Microsfot will release soon and that will make AD reject any communication that is not encrypted. ( *ADV190023 * ). We run Scientific L

[SSSD-users] Re: SSSD and PKI: capability of checking trust/validation/revocation

On Thu, Mar 26, 2020 at 08:16:31AM -, Hristina Marosevic wrote: > > On Wed, Mar 25, 2020 at 10:49:55AM -, Hristina Marosevic wrote: > > > > Hi, > > > > glad to hear it is working now. Thanks for your patience. > > > > bye, > > Sumit > > > Hello, > > As I was planning, I tried to login

[SSSD-users] Re: SSSD and PKI: capability of checking trust/validation/revocation

> On Wed, Mar 25, 2020 at 10:49:55AM -, Hristina Marosevic wrote: > > Hi, > > glad to hear it is working now. Thanks for your patience. > > bye, > Sumit Hello, As I was planning, I tried to login with an expired certificate and the authentication failed with error: write(2, "(Wed Mar 25