Jakub Hrozek <jhrozek(a)redhat.com> writes:
even though RHEL-6.4 is still brewing, I think there might be some
interest in trying out the 1.9.x series of the SSSD on RHEL-6.3.
So I went ahead and built the SSSD 1.9.2 in a RHEL-6.3 buildroot:
The NVR of these test packages will be lower than those in 6.4 to keep
the upgrade path clean. The only missing functionality is the PAC
responder, which means this SSSD version won't be able to work with
an AD domain that is in a trust relationship with an IPA 3.x domain. I
had to disable the PAC responder as it requires Kerberos 1.10.
Because some new functionality required tweaking the SELinux policy, you
will encounter AVC denials when the new fast cache is accessed. That
said, my quick smoke testing went fine and we will be glad to hear test
results or bug reports.
Hello Jakub and the SSSD team,
My interest in the 1.9 version is first and foremost the performance
enhancements related to large groups. At our site, we have lots of
fairly large file groups and a few enormous ones (which we're getting
rid of but it takes some time). I installed sssd-1.9 from your test repo
on a rhel6.3 VM, ran a couple of quick tests and compared it to an
identical VM with the stock sssd-1.8 from rhel6.3. The results are
Test 1: time getent group <group with 7k members>
Test 2: time id <member of several large groups>
Both tests were done without a preexisting cache, i.e. 'service sssd
stop; rm /var/lib/sss/db/*; service sssd start', then run test. We're
using plain LDAP (rfc3207) as id provider and auth provider.
This is a remarkable performance boost, and I can't wait to see an
official sssd-1.9 package in rhel6. Thanks for all your hard work and
have a nice weekend! :)
PS. Will we see sssd-1.9 in Fedora 17?
Trond H. Amundsen <t.h.amundsen(a)usit.uio.no>
Center for Information Technology Services, University of Oslo