[Freeipa-devel] [PATCH 0038] increase NSS memcache timeout for IPA server
Lukas Slebodnik
lslebodn at redhat.com
Wed May 27 11:33:54 UTC 2015
On (27/05/15 13:25), Martin Babinsky wrote:
>https://fedorahosted.org/freeipa/ticket/4964
>
>--
>Martin^3 Babinsky
>From ef8481ee0267a720551832baae9398b435b3c6c5 Mon Sep 17 00:00:00 2001
>From: Martin Babinsky <mbabinsk at redhat.com>
>Date: Tue, 26 May 2015 18:11:08 +0200
>Subject: [PATCH] increase NSS memcache timeout for IPA server
>
>Increasing memcache timeout to 600 seconds when configuring sssd on IPA server
>should improve performance when dealing with large groups in trusts.
>
>https://fedorahosted.org/freeipa/ticket/4964
>---
> ipa-client/ipa-install/ipa-client-install | 9 +++++++++
> 1 file changed, 9 insertions(+)
>
>diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install
>index 63e3c9800791f3d29c977d63815c4291f5a235b9..ab3bc8a652dad01b9db5a26b877f38b850cb07f1 100755
>--- a/ipa-client/ipa-install/ipa-client-install
>+++ b/ipa-client/ipa-install/ipa-client-install
>@@ -1274,6 +1274,15 @@ def configure_sssd_conf(fstore, cli_realm, cli_domain, cli_server, options, clie
> # the master should only use itself for Kerberos
> domain.set_option('ipa_server', cli_server[0])
>
>+ # increase memcache timeout to 10 minutes when in server mode
>+ try:
>+ nss_service = sssdconfig.get_service('nss')
>+ except SSSDConfig.NoServiceError:
>+ nss_service = sssdconfig.new_service('nss')
>+
>+ nss_service.set_option('memcache_timeout', 600)
>+ sssdconfig.save_service(nss_service)
>+
NACK
It should not be set to such high value for each client.
It should be configured if and only if sssd is in the ipa-server mode
(trust with AD)
LS
More information about the Freeipa-devel
mailing list