Currently, for the UI we are using a complex path to access Winbind which will eventually use MS-RPC and schannel against a trusted DC. This channel is already used for Netlogon operations and is fully serialized due to limitations of schannel.
We should probably switch to use direct LDAP searches against the Global Catalog instead, so that they can be parallelized and can be done directly by multiple processes w/o need of coordination.
As a part of prototype for not using winbindd for resolution, I actually implemented this ticket.
master: fc3834c
ipa-3-0: 4cf3c2d
Metadata Update from @simo: - Issue assigned to someone - Issue set to the milestone: FreeIPA 3.0.1 (bug fixing)
Login to comment on this ticket.