Hi. I recently created this issue - https://github.com/389ds/389-ds-base/issues/6020 Maybe github is not the place for such general questions so I repost it here. In our deployments we have a lot of production environment for out clients. For granular access every client is placed into separate group (in github issue picture analogue is group-test-<num>) for which HBACs and SUDO rules applied.
But our support team need access all those environments, so support members are placed into the group team-support-l2 which automatically added as a member of every clients group (github issue analogue is user-group). Right now I basically expierience inability to add users to team-support-l2 because it hangs ldap server completly for several minutes, making every freeipa service that depends on ns-slapd inaccessible.
Are we doing something wrong in a way we are setting our group membership? Or should it work just fine with such number of groups?
Problem is the same for 389-ds-base-1.4.3 deployments and 389-ds-base-2.2.3 deployments.