[Freeipa-users] IPA - Password time outs / failures on trusted AD Users

[David Fischer]

Alexander,

I am getting the windows admin to refresh our DR AD setup and I should be able to give you an idea on some of our groups layouts.

So a quick understanding is that a single user can have 15-20+ groups those groups might have all users in them plus groups. The groups of groups can link back to groups that the user may have already assigned.
We do know that we have atleast one circular group in our environment.
I have used the 'ignore_group_members' with some success. Ref: https://jhrozek.wordpress.com/2015/08/19/performance-tuning-sssd-for-large-ipa-ad-trust-deployments/



-----Original Message-----
From: Alexander Bokovoy [mailto:abokovoy at redhat.com]
Sent: Tuesday, June 14, 2016 1:03 PM
To: David Fischer
Cc: freeipa-users at redhat.com
Subject: Re: [Freeipa-users] IPA - Password time outs / failures on trusted AD Users

On Tue, 14 Jun 2016, David Fischer wrote:
>Alexander,
>One of the things I am seeing is that our AD has groups that are 5 deep
>and IPA is not able to enumerate all the groups  Is there away to help
>IPA in search depth or scope?
SSSD should be able to handle that. If not, show the logs that demonstrate specific issues with a model group.

--
/ Alexander Bokovoy

#####################################################################################
The information contained in this electronic mail message, including attachments, if any, is PetSmart confidential information.  It is intended only for the use of the person(s) named above.  If the reader of this message is not the intended recipient, or has received this message in error, you are hereby notified that any review, dissemination, distribution or copying of this communication is strictly prohibited.  If you are not the intended recipient or have received this message in error, please notify the sender via e-mail and promptly delete the original message.
#####################################################################################