Finn, with LDAP, recursively searching for all nested subgroups, sub-sub-groups, etc. -- that can be an expensive operation.
the default ldap_group_nesting_level is 2. You might try to set that to some larger number (like 5 or 6) to see if it makes any difference. If you're connecting to AD, there's an optimization that's not expensive (to clients doing LDAP searches) called 'tokengroups'. Spike White On Thu, Jan 18, 2024 at 5:28 PM Finn Fysj <[email protected]> wrote: > I'm experiencing problems on my RHEL 9 instance when looking up members of > group using > getent group <GROUP NAME>. I can only get users which has direct access to > a group, > and no the "user groups" part of the group. > > > > My sssd.conf: > [domain/<DOMAIN>] > id_provider = ldap > auth_provider = ldap > chpass_provider = ldap > sudo_provider = ldap > > ldap_uri = ldaps:/ipa.example.com > ldap_schema = rfc2307bis > > ldap_search_base = dc=example,dc=com > ldap_sudo_search_base = ou=sudoers,dc=example,dc=com > ldap_user_search_base = cn=users,cn=accounts,dc=example,dc=com > ldap_group_search_base = cn=groups,cn=accounts,dc=example,dc=com > > [sssd] > services = nss, pam, sudo > domains = default > > [nss] > homedir_substring = /home > > [pam] > > [sudo] > -- > _______________________________________________ > sssd-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] > Do not reply to spam, report it: > https://pagure.io/fedora-infrastructure/new_issue >
-- _______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
