We will drop the other stanzas and retest shortly.
We are not using nested groups and we already discussed switching to rfc2307 from rfc2307bis.
The txnlogs on the DSEE instance see an authenticated bind, nothing out of the normal. The server has no readwaiters, minimal connections.

thanks!
Pat



From: "Jakub Hrozek" <jhrozek@redhat.com>
To: sssd-users@lists.fedorahosted.org
Sent: Tuesday, December 9, 2014 9:30:04 AM
Subject: Re: [SSSD-users] SSSD with Oracle DSEE

On Mon, Dec 08, 2014 at 08:45:00PM +0000, PATRICK wrote:
> Sanitized sssd.conf, please note enumerate is set to false and all of the users' POSIX attributes are still getting pulled down.
> [domain/default]
> debug_level = 5
> enumerate = False
> ldap_id_use_start_tls = True
> ldap_schema = rfc2307bis
> #ldap_search_base = dc=example,dc=com
> ldap_search_base = dc=example,dc=com?sub?|(host=myhost.mygroup.example.com)(host=ALL)
> krb5_realm = EXAMPLE.COM
> krb5_server = kerberos.example.com
> id_provider = ldap
> auth_provider = ldap
> chpass_provider = ldap
> ldap_uri = ldap://myldap.example.com:389
> cache_credentials = True
> ldap_tls_cacertdir = /etc/openldap/cacerts
> ldap_default_bind_dn = cn=proxyuser,ou=AdminUsers,dc=example,dc=com
> ldap_default_authtok_type = password
> ldap_default_authtok = XXXXXXXXXXXX
> access_provider=ldap
> ldap_access_filter = (|(host=myhost.mygroup.example.com)(host=ALL))
>
> [sssd]
> services = nss, pam
> config_file_version = 2
> debug_level = 5
> domains = default
> [nss]
> debug_level = 5
> [pam]
> debug_level = 5

You can drop the service stanzas other than [nss] and [pam] since you
only use nss and pam in the services line. Otherwise, the config file
looks good to me.

Do you still see a high load on the servers? Can you check the server
logs about the queries?

Do you use nested groups? Perhaps the queries you see are some
application calling getgrnam/getgrgid on a large group and recursing?

> [sudo]
> debug_level = 5
> [autofs]
> debug_level = 5
> [ssh]
> debug_level = 5
> [pac]
> debug_level = 5