sssd equivilent of nss_ldap nss_getgrent_skipmembers
Issue
How do I make sssd not look up the members of groups, but just perform a gid<->name mapping as was possible with nss_ldap?
Also, it seems any other lookups are blocked while the long running query for the group membership is performed, resulting in timeouts and failed lookups.
Our groups with many members take ridiculously long to resolve:
# time getent group members
[...]
real 1m29.589s
user 0m0.006s
sys 0m0.003s
# time getent group students
[...]
real 0m44.735s
user 0m0.007s
sys 0m0.002s
And people in those group are severely impacted:
# time id -a cpcrudo
[...]
real 2m14.719s
Environment
- Red Hat Enterprise Linux 6
- sssd 1.8/1.9
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.
