On Mon, Apr 07, 2014 at 11:40:58AM +0200, Angel Bosch wrote:
> Can you see the enumeration task in the sssd domain log? It
should
> run
> after startup (with some delay in order not to interfere with system
> startup) and download all users and groups.
>
> I'd start the investigation there, the config file looks OK.
>
ok, after raising log level to 7 (thanks for the tip) I think I've found the
problem:
(Mon Apr 7 13:36:54 2014) [sssd[be[XXX.net]]] [sdap_get_generic_ext_done] (0x0400):
Search result: Administrative limit exceeded(11), no errmsg set
I must use a binddn user without restritions.
As an alternative you can try to lower ldap_page_size where the default
is 1000.
HTH
bye,
Sumit
> btw in general I don't recommend enumeration if your directory is
> very
> large (thousands or tens of thousands of entries), the sssd might be
> trashing the disk saving so many entries.
I'm aware of that but I need some machines to be able to enumerate all users for some
cron scripts.
abosch
_______________________________________________
sssd-users mailing list
sssd-users(a)lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-users