[SSSD-users] Avoid (&(objectClass=posixAccount)(uid=*)(uidNumber=*)(gidNumber=*))

HI! I'm seeing searches like this sent by sssd to the LDAP server: (&(objectClass=posixAccount)(uid=*)(uidNumber=*)(gidNumber=*)) Likely this is because some of the server admins set in sssd.conf: enumerate = true While it's debatable to disable enumeration I wonder how one can avoid that sssd uses the filter above. Since all three attributes are mandantory in objectClass posixAccount anyway it would be sufficient to do a user numeration search just with filter (objectClass=posixAccount) because there cannot be an entry without any of these attributes. I'm asking because it turned out that the LDAP server's processing of (&(objectClass=posixAccount)(uid=*)(uidNumber=*)(gidNumber=*)) is two times slower than just (objectClass=posixAccount). Ciao, Michael.