Why enumeration is not recommended on sssd domain definitions?

Solution Verified - Updated -


  • In sssd domains there is an option to define whether sssd will enumerate all the entries of that domain or not. Why it is recommended to not enable it?
  • id and getent command taking too much time to show/display/fetch/resolve users(uid) and groups(gid) information after configuring/enabling/setting enumeration in sssd.conf as:

    enumerate = true


  • Red Hat Enterprise Linux
  • sssd

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In