Hi SSSD Users.
I'm trying to increase the performance of my users' logins; we have a medium-sized
According to the man page, the enumerate directive:
Determines if a domain can be enumerated. This parameter can have one of the
TRUE = Users and groups are enumerated
FALSE = No enumerations for this domain
However when I start sssd with no cache and simulate an initgroups, it still seems to
many groups and user accounts.
I'm running sssd v1.8.4:
# pkill sssd
# pgrep sssd
# rm -f var/lib/sss/db/*
# grep enumerate /etc/sssd/sssd.conf
enumerate = FALSE
# grep ldap_access /etc/sssd/sssd.conf
# sbin/sssd -c /etc/sssd/sssd.conf
# su - myuser -c "groups | wc"
1 193 1181
# strings var/lib/sss/db/cache_AAA.BBB.CCC.ldb | grep OU=Groups,DC=aaa,DC=bbb,DC=ccc |
sort -u | wc -l
# strings var/lib/sss/db/cache_AAA.BBB.CCC.ldb | grep OU=Accounts,DC=aaa,DC=bbb,DC=ccc |
sort -u | wc -l
Sorry for my use of strings and sort -u, I don't know a better way to interrogate the
Why does it still enumerate so many users and groups (that are not me, and not in my
ldap_access_filter) when I log in, even when
I have disabled domain enumeration?