sssd to use local cache first then go to id provider

Hello,

I am trying to configure sssd so that it looks in the cache first and does not connect to the server repeatedly. My clients are on Red Hat 7.4 and the server is on Red Hat 7.7. I have added 5000 clients to Identity Management. The load on the server is increasing. Thank you in advance.

The following are the package versions:

[root@testclient3 ~]# rpm -qa ipa-client sssd-client
sssd-client-1.15.2-50.el7.x86_64
ipa-client-4.5.0-20.el7.x86_64

The following is the sssd configuration file:

[root@testclient3 ~]# cat /etc/sssd/sssd.conf
[domain/idm.licindia.com]

cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = idm.domain.com
id_provider = ipa
auth_provider = ipa
access_provider = ipa
ipa_hostname = testclient3.idm.domain.com
chpass_provider = ipa
ipa_server = srv, server1.idm.domain.com
ldap_tls_cacert = /etc/ipa/ca.crt
[sssd]
services = nss, sudo, pam, ssh
config_file_version = 2
reconnection_retries = 3
sbus_timeout = 30
domains = idm.domain.com
cache_first = adtest1@domain.com
[nss]
homedir_substring = /home
filter_groups = root
filter_users = root
reconnection_retries = 3
entry_cache_timeout = 300
entry_cache_nowait_percentage = 75
[pam]

[sudo]

[autofs]

[ssh]

[pac]

[ifp]

[secrets]

Regards,
jay
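
A lint check for the option placement in the configuration above, as an added example that is not part of the original post. It assumes, per sssd.conf(5), that cache_first is a boolean responder option set in a service section such as [nss], and that entry_cache_timeout and cache_credentials belong in [domain/NAME]; the function name lint_sssd_conf and the trimmed sample are constructed here.

```python
import configparser

# Constructed sample: option placement as shown in the post, trimmed.
SAMPLE = """\
[domain/idm.licindia.com]
cache_credentials = True
id_provider = ipa
ipa_server = srv, server1.idm.domain.com
[sssd]
services = nss, sudo, pam, ssh
domains = idm.domain.com
cache_first = adtest1@domain.com
[nss]
entry_cache_timeout = 300
entry_cache_nowait_percentage = 75
"""

BOOLEANS = {"true", "false"}
# Assumption (sssd.conf(5)): these options are read from [domain/NAME] only.
DOMAIN_ONLY = {"entry_cache_timeout", "cache_credentials"}
RESPONDERS = {"nss", "pam", "sudo", "ssh", "autofs", "pac", "ifp"}


def lint_sssd_conf(text):
    """Return a list of (section, option, message) findings."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    findings = []
    # Every name listed in [sssd] domains needs a matching [domain/NAME] section.
    defined = {s.split("/", 1)[1] for s in cp.sections() if s.startswith("domain/")}
    listed = cp.get("sssd", "domains", fallback="") if cp.has_section("sssd") else ""
    for name in (d.strip() for d in listed.split(",")):
        if name and name not in defined:
            findings.append(("sssd", "domains", f"no [domain/{name}] section"))
    for section in cp.sections():
        for opt, val in cp.items(section):
            if opt == "cache_first":
                if section not in RESPONDERS:
                    findings.append((section, opt, "responder option; set it in a service section such as [nss]"))
                if val.strip().lower() not in BOOLEANS:
                    findings.append((section, opt, f"expects a boolean, got {val!r}"))
            elif opt in DOMAIN_ONLY and not section.startswith("domain/"):
                findings.append((section, opt, "domain option; move it to [domain/NAME]"))
    return findings


if __name__ == "__main__":
    for section, opt, msg in lint_sssd_conf(SAMPLE):
        print(f"[{section}] {opt}: {msg}")
```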

Responses