Learn more about these different git repos.
Other Git URLs
If enumeration is enable SSSD tries to update all users and groups at startup. As a result the startup time where SSSD is basically blocked and cannot serve requests even for data in the cache can be quite long. A new tevent_req task should be created which can read users and groups from the AD domain in smaller chunks so that other request can always slip in between. Ticket #1829 contains a similar request for the general use in SSSD. If we find a good scheme here, it might be used for the general enumerations as well.
The task should make sure all users and groups are read after a while without reading objects twice in a single run. Maybe it is possible to add a special paged-search tevent request which returns after the first page is read to the caller (instead of doing the paging behind the scenes) which the results and a handle which would allow to continue the the search with the next page? If this is a way to go creating this new request would be another development subtask.
Additionally it has to be considered how to handle large groups. But since we have to read all user as well it might be possible to just read the group memberships of the user and build up the groups in the SSSD cache and let the getgrp*() calls only return entries from the cache and never go to the server directly.
This new enumeration task will work independently of the NSS responder in the IPA provider. It should be started at startup but should terminate if there are no trusted domains. If later during a sub-domain lookup trusted domains are found it should be started again.
Fields changed
design: => https://fedorahosted.org/sssd/wiki/DesignDocs/IPAServerMode
A sub ticket of the 1.11 feature.
rhbz: => 0
Moving open tickets from 1.11 beta to 1.11 beta2
milestone: SSSD 1.11 beta => SSSD 1.11 beta 2
milestone: SSSD 1.11 beta 2 => SSSD 1.11 beta 3
owner: somebody => jhrozek status: new => assigned
patch: 0 => 1
resolution: => fixed status: assigned => closed
Metadata Update from @sbose: - Issue assigned to jhrozek - Issue set to the milestone: SSSD 1.11.0
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/3005
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.