[Freeipa-users] sssd doesn't cache, as it seems
Harald Dunkel
harri at afaics.de
Fri Jan 20 17:14:35 UTC 2017
Hi folks,
I see a pretty large number of ldap requests sent by our git
server, asking for the same account info again and again.
Sometimes it asks 20 times per second for the same user info,
for example.
Obviously caching doesn't work. I remember some note in the
installation guide suggesting to turn of nscd and that sssd
takes over this job, so I wonder wth? A recent EMail in this
forum suggested to set selinux_provider = none, but this
didn't help.
Ipa server is Centos 7.3, client is on Jessie with sssd 1.13.4.
sssd.conf is attached, of course. Every helpful comment is highly
appreciated.
Harri
-------------- next part --------------
[domain/example.de]
debug_level = 0x0370
cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = example.de
id_provider = ipa
auth_provider = ipa
access_provider = ipa
ldap_tls_cacert = /etc/ipa/ca.crt
ipa_hostname = tisde8i005.ac.example.de
chpass_provider = ipa
ipa_server = _srv_, ipa1.example.de
dns_discovery_domain = example.de
selinux_provider = none
[sssd]
debug_level = 0x0370
services = nss, sudo, pam, ssh
config_file_version = 2
domains = example.de
[nss]
debug_level = 0x0370
homedir_substring = /home
[pam]
debug_level = 0x0370
[sudo]
[autofs]
[ssh]
debug_level = 0x0370
[pac]
[ifp]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170120/d1ba3cc8/attachment.sig>
More information about the Freeipa-users
mailing list