On Tue, Oct 07, 2014 at 05:15:35PM +0200, François Dagorn wrote:
Le 07/10/2014 17:11, John Hodrien a écrit :
> On Tue, 7 Oct 2014, François Dagorn wrote:
>
>> Attached the log file with debug=9 and also our sssd.conf.
>
> Do you have a really good reason to enable enumerate?
>
John,
I've a reason, not so good indeed, without enumerate lightdm does not work !
Wow, if they rely on getpwent() and friends, then I would call lightdm
broken, sorry.. I guess using something like utmp and providing a button
to type in the username would be much better..
One thing that might help you is enabling some kind of lastUSN attribute or
similar on the server. I don't remember if OpenLDAP has this by default,
but using lastUSN might decrease the amount of data that is fetched from
the server..
Alternatively, you might want to play with the ldap search bases to set
some filter that would match fewer entries (be careful to only use
indexed attributes, otherwise a custom query might thrash the server
side performance as well)