On Mon, 13 Sep 2010 13:37:11 +0200
Petter Reinholdtsen <p...@hungry.com> wrote:

> [Simo Sorce]
> > Do I miss any scenario?
> 
> I suspect you missed the scenario we have here at the University of
> Oslo.  We have an LDAP directory (OpenLDAP) with ~120k users, and
> groups with 20-30k members using rfc2307 classic schema with memberUid
> attributes.  But user searches are limited, and will not return
> anything if more than some thousand objects are found (not sure but
> believe the limit is 5000).  So looping over all users is not
> possible.  The algorithm chosen should not assume it is possible to
> look up all objects in LDAP.

No, this is actually accounted for in the pure rfc2307 scenario, where
we do not look up any user but just create fake entries from the
memberUid attribute of the group.

> When trying to log in using sssd 1.2.1 for a user that is a member of
> one of the large groups (25k members), logging in takes several
> minutes. :/

This should be fixed in the latest releases.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York
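
A small model of the difference discussed in this message, added here as an illustration and not sssd's code: resolving a large rfc2307 group by enumerating users hits the server's size limit, while building stub entries from the group's memberUid values needs a single group read. The `Directory` class, its methods, the stub entry layout and the sample data are all constructed for this example.

```python
SIZE_LIMIT = 5000  # search limit the post believes is in effect (assumption)


class SizeLimitExceeded(Exception):
    """A search matched more entries than the server is willing to return."""


class Directory:
    """In-memory stand-in for an LDAP server (hypothetical, not a client API)."""

    def __init__(self, users, groups):
        self.users, self.groups = users, groups
        self.searches = 0  # number of requests sent to the "server"

    def search_users(self, predicate):
        self.searches += 1
        hits = [u for u in self.users if predicate(u)]
        if len(hits) > SIZE_LIMIT:
            raise SizeLimitExceeded(len(hits))
        return hits

    def get_group(self, cn):
        self.searches += 1
        return self.groups[cn]


def members_by_enumeration(directory, cn):
    """Needs every user object back from the server, so it breaks on big sites."""
    wanted = set(directory.get_group(cn)["memberUid"])
    everyone = directory.search_users(lambda user: True)
    return [u["uid"] for u in everyone if u["uid"] in wanted]


def members_from_memberuid(directory, cn):
    """One group read; each memberUid becomes a stub entry, no user search."""
    group = directory.get_group(cn)
    # dict.fromkeys drops duplicate memberUid values while keeping their order
    return [{"uid": uid, "stub": True} for uid in dict.fromkeys(group["memberUid"])]


def build_sample():
    # Constructed data sized like the post: ~120k users, one 25k-member group.
    users = [{"uid": f"u{i}"} for i in range(120_000)]
    big = {"cn": "big", "gidNumber": 1000,
           "memberUid": [f"u{i}" for i in range(25_000)]}
    return Directory(users, {"big": big})
```
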