[Freeipa-users] IPA - Password time outs / failures on trusted AD Users
Alexander Bokovoy
abokovoy at redhat.com
Wed Jun 15 06:52:36 UTC 2016
On Tue, 14 Jun 2016, David Fischer wrote:
>Alexander,
>
>I am getting the windows admin to refresh our DR AD setup and I should
>be able to give you an idea on some of our groups layouts.
>
>So a quick understanding is that a single user can have 15-20+ groups
>those groups might have all users in them plus groups. The groups of
>groups can link back to groups that the user may have already assigned.
>We do know that we have atleast one circular group in our environment.
>I have used the 'ignore_group_members' with some success. Ref:
>https://jhrozek.wordpress.com/2015/08/19/performance-tuning-sssd-for-large-ipa-ad-trust-deployments/
That article is what Jakub and I wrote. Jakub may have more suggestions
and there are some improvements in recent SSSD releases in RHEL 7.2.4.
--
/ Alexander Bokovoy
More information about the Freeipa-users
mailing list