> Are there any negative consequences of these settings? `getgrnam()`/`getgrgid()` libc functions (and thus, for example, `getent group $group`) won't return group members.
> BTW, I was able to reverse all of the timeout settings If a network operation doesn't complete within a timeout then it just fails, it doesn't work faster. So reduced timeouts can't give any performance boost. On Fri, Dec 6, 2024 at 6:01 PM Ice Man via sssd-users < [email protected]> wrote: > That helped my local tests, putting the cold-cache version on part with > the warm-cache call. > > I checked the number of groups (and its performance) using: > > $ sudo sss_cache --groups && sleep 5 && time (printf "%s\n" $(groups > $USER) | sort -u | wc -l) && time (printf "%s\n" $(groups $USER) | sort -u > | wc -l) > 29 > > real 0m0.620s > user 0m0.007s > sys 0m0.035s > 29 > > real 0m0.026s > user 0m0.012s > sys 0m0.012s > > Are there any negative consequences of these settings? ... BTW, I was able > to reverse all of the timeout settings and still get this performance > boost, just by using: > > $ git diff /etc/sssd > diff --git a/sssd/sssd.conf b/sssd/sssd.conf > index ed048b5..7b05e21 100644 > --- a/sssd/sssd.conf > +++ b/sssd/sssd.conf > @@ -9,6 +9,8 @@ override_space = _ > [pam] > > [domain/corp.mycompany.com] > +ignore_group_members = true > +subdomain_inherit = ignore_group_members > ldap_referrals = False > enumerate = False > # This allows users to still login when the LDAP server cannot be > reached > > Thanks so much for the help! :) >
-- _______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
