[Freeipa-users] Can too many group memberships for an AD user cause SSSD or IPA problems?
Chris Dagdigian
dag at sonsorol.org
Fri Feb 3 14:54:01 UTC 2017
I've got a case where "id <user>@AD-DOMAIN" hangs forever after
partially resolving and I think it may because they are in way too many
AD groups?
The 'id' command resolve the user but hangs before completing. There is
a large amount of group data returned from the AD forest for this user
and the 'id' command seems to pause/hang right at the 3024th character
returned.
Looking for pointers / tips. I'm thinking the AD user is in way too many
groups but I don't know if this is a real limit or what the limit may
be. Any other reason why an 'id' command may start to work but hang
before completion for an AD-defined user?
Regards,
Chris
More information about the Freeipa-users
mailing list