Bug 1870178

Summary: sssd enum_files_users causes service timeout with 150k users
Product: Red Hat Enterprise Linux 8 Reporter: Striker Leggette <striker>
Component: sssd Assignee: Sumit Bose <sbose>
Status: CLOSED DUPLICATE QA Contact: sssd-qe <sssd-qe>
Severity: high Docs Contact:
Priority: high    
Version: 8.4 CC: aheverle, atikhono, dpal, grajaiya, jhrozek, lslebodn, mzidek, pbrezina, sbose, tscherf
Target Milestone: rc   
Target Release: 8.0   
Hardware: All   
OS: Linux   
Last Closed: 2020-10-15 17:01:10 UTC Type: Bug

Description Striker Leggette 2020-08-19 13:27:00 UTC
[+] Description of problem:
 - When using SSSD with "id_provider = files", the SSSD service will time out during enum_files_users when there are 150k+ local users.

[+] Version-Release number of selected component (if applicable):
 - sssd-2.2.3-20.el8.x86_64

[+] How reproducible:
 - Always

[+] Steps to Reproduce:
 1. Create 150k local users
 2. Configure sssd.conf for files id provider and krb5 auth provider
 3. Start SSSD service

[+] Actual results:
 - SSSD service times out
 - Authentication takes a long time to complete
 - 'id', 'ls' and similar commands time out

[+] Expected results:
 - Since pam_krb5.so has been removed in favor of only using SSSD, SSSD should be able to perform the same exact function in some way without any sort of 'caching'

[+] Additional info:
 1. We've set "pwfield = *" within [nss]
 2. We've set "enable_files_domain = false" within [sssd]
 3. We've set "TimeoutStartUSec" in /etc/systemd/system/sssd.service to 10m.

Comment 2 Sumit Bose 2020-08-19 14:08:30 UTC
Hi,

have you tried to use

    id_provider = proxy
    proxy_lib_name = files

instead of 'id_provider = files' for this use-case?

HTH

bye,
Sumit
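
The configuration under discussion, as an added example that is not part of the original report or of the comment above: the reporter's settings from the description combined with the proxy provider asked about in comment 2. The domain name, KDC host and realm are constructed placeholders.

```ini
# Constructed sssd.conf sketch; domain name, KDC host and realm are placeholders.
[sssd]
services = nss, pam
domains = local_krb5
# From the report: do not start the implicit files domain
enable_files_domain = false

[nss]
# From the report
pwfield = *

[domain/local_krb5]
# As reported (times out in enum_files_users with 150k+ local users):
# id_provider = files

# Alternative asked about in comment 2: resolve local users through the
# proxy provider, which loads the "files" NSS module (libnss_files).
id_provider = proxy
proxy_lib_name = files

# Kerberos authentication, as in the reproduction steps
auth_provider = krb5
krb5_server = kdc.example.com
krb5_realm = EXAMPLE.COM
```

sssd refuses to start unless sssd.conf is owned by root with mode 0600, so check ownership and permissions after editing.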

Comment 12 Alexey Tikhonov 2020-10-15 17:01:10 UTC

*** This bug has been marked as a duplicate of bug 1693379 ***