Red Hat Bugzilla – Bug 681562
id -G group resolution takes extremely long
Last modified: 2011-09-28 17:14:26 EDT
Description of problem:
takes more than 8 minutes.
id -G $USERNAME is fast.
It seems id $USERNAME first looks up the list of groups (like 'id -G') and then requests all of the groups (and nested groups) associated with that account, as well as ALL the users in any of those groups.
Instead, sssd should only look up the groups and the LIST of users in those
groups (and not also grabbing the full set of data on those users).
This issue it tracked upstream in https://fedorahosted.org/sssd/ticket/799 .
any update on that?
(In reply to comment #2)
> any update on that?
Yes, the fix I did for the issue originally (downloading and saving just the minimal amount of data) did not bring as much speedup as I had hoped for. So we decided to do one more optimization - if the server supports a dereference search (OpenLDAP, 389DS) or ASQ (Active Directory), use it to get all members in a single LDAP request.
Unfortunately doing this right is much more work, so it is taking longer than originally expected. But this bug one of the blockers for 1.6, so it definitely should make that release.
sssd-1.6.0-2.fc16, libtevent-0.9.13-1.fc16, libldb-1.1.0-1.fc16 has been submitted as an update for Fedora 16.
sssd-1.6.0-2.fc16, libtevent-0.9.13-1.fc16, libldb-1.1.0-1.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.