Here is what was printed to the sssd_nss log at level 5 when i ran a
sudo command.
Also, the full sssd.conf that i am currently running on this machine.
-chris
On 12/19/2013 01:27 PM, Jakub Hrozek wrote:
On Thu, Dec 19, 2013 at 11:42:54AM -0500, Dmitri Pal wrote:
> I do not think it searches for sudo information. On every login SSSD
> refreshes data about user and groups to be able to serve most recent
> information about a user.
> The volume of the searches is probably related to the resolution of the
> nexted groups and group membership which indicates to me that you are
> using LDAP back end rather than and AD back end for AD communication.
> sssd.conf would be helpful to prove this theory.
>
> If it is try then there are two issues:
> a) Many lookups - switch to AD back end for that
> b) sudo is not working - does it or you are just concerned about the noise?
Right, I also suspect the noise is due to initgroups or looking up other
information about the user or his groups. I suspect the latter, because
initgroups are really fast with ID mapping and in the log snippet I saw
a request by SID.
It would be nice to also see what's in the sssd_nss log, then we might
see what requests exactly come to the SSSD.
_______________________________________________
sssd-users mailing list
sssd-users(a)lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-users