On Tue, Jan 23, 2018 at 7:55 PM, Jakub Hrozek <jhrozek(a)redhat.com> wrote:
On Tue, Jan 23, 2018 at 12:44:03PM -0500, email--- via FreeIPA-users
wrote:
> Hey All,
> Having some major issues with sudo and it appears the root cause is the
time it takes sssd to resolve root as a local user when
domain-resolution-order is enabled in ipa4.5, I do not have filter_users or
filter_groups defined, so the default root user should be used (
https://jhrozek.fedorapeople.org/sssd/1.15.2/man/sssd.conf.5.html)
Manually adding this value has no effect.
>
> Versions:
> IPA 4.5
> SSSD 1.15.2
> Centos 7.4
>
> Currently it takes `time id root` about 8-16 seconds to finish depending
on caches and firewalls.
> I have (2) forest trusts, a total of 7 domains + ipa itself, 3 of them
listed in domain-resolution-order
I'm pretty sure I hit this and I thought Fabiano wrote a patch, but I
can't find neither the ticket nor the fix.
Fabiano, do you remember?
Here's the ticket:
https://pagure.io/SSSD/sssd/issue/3460
By the way, I'm not subscribed to the freeipa-users ML. So, most likely,
this message will be moderated (and in case it happens, please, forward the
bug to the reporter).
Best Regards,
--
Fabiano Fidêncio