On Wed, Sep 18, 2013 at 01:41:06PM +0200, Jean-Baptiste Denis wrote: > > Hi Jean-Baptiste, > > Hi Jakub, > > > From the snippets you sent it indeed seems the UID is searched for. But > > after one such search, the entry should be cached in the negative cache > > and no requests towards the backend should be issued. Is it not the > > case? > > From my point of view it is not. Here is a simple version of what I'm > observing (I can reproduce it) : > > From the client : > > client $ getent passwd 1047 > > From the client, in another terminal : > > client $ tail -f /var/log/sssd/sssd_nss.log > (Wed Sep 18 13:20:35 2013) [sssd[nss]] [sss_cmd_get_version] (0x0200): > Received client version [1]. > (Wed Sep 18 13:20:35 2013) [sssd[nss]] [sss_cmd_get_version] (0x0200): > Offered version [1]. > (Wed Sep 18 13:20:35 2013) [sssd[nss]] [nss_cmd_getpwuid_search] > (0x0040): No matching domain found for [1047], fail! > (Wed Sep 18 13:20:35 2013) [sssd[nss]] [client_recv] (0x0200): Client > disconnected! > > On the ldap server (one line per sssd domain) : > > ldapserver $ tail -f /var/log/openldap/slapd.log|grep > "uidNumber=1047"|grep 1047 > > Sep 18 13:22:00 pantero slapd[31421]: conn=387670 op=5 SRCH > base="ou=users,dc=example,dc=com" scope=2 deref=0 > filter="(&(uidNumber=1047)(objectClass=posixAccount))" > Sep 18 13:22:00 pantero slapd[31421]: conn=387671 op=5 SRCH > base="ou=users,dc=example,dc=com" scope=2 deref=0 > filter="(&(uidNumber=1047)(objectClass=posixAccount))" > > Each time I issue a "getent passwd 1047" I've got those entries in the log.
Hm, I think I see the problem as well...I'll poke to the code to see if there is some bug. I see utility functions for handling negative cache for UIDs and GIDs as well but as you said I'm also seeing the backed queried every time. _______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-devel