[Freeipa-users] sssd doesn't cache, as it seems
Simo Sorce
simo at redhat.com
Fri Jan 20 17:42:52 UTC 2017
On Fri, 2017-01-20 at 18:14 +0100, Harald Dunkel wrote:
> Hi folks,
>
> I see a pretty large number of ldap requests sent by our git
> server, asking for the same account info again and again.
> Sometimes it asks 20 times per second for the same user info,
> for example.
>
> Obviously caching doesn't work.
Is your server being used for authentication ?
SSSD, by default, always refreshes user credentials on authentication,
but you can use the cached_auth_timeout setting to relax this
requirement in SSSD, and reduce the roundtrips for auth attempts.
HTH,
Simo.
> I remember some note in the
> installation guide suggesting to turn of nscd and that sssd
> takes over this job, so I wonder wth? A recent EMail in this
> forum suggested to set selinux_provider = none, but this
> didn't help.
>
> Ipa server is Centos 7.3, client is on Jessie with sssd 1.13.4.
>
>
> sssd.conf is attached, of course. Every helpful comment is highly
> appreciated.
>
> Harri
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
--
Simo Sorce * Red Hat, Inc * New York
More information about the Freeipa-users
mailing list