Learn more about these different git repos.
Other Git URLs
Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 6): Bug 916997
Please note that this Bug is private and may not be accessible as it contains confidential Red Hat customer information.
Description of problem:
A customer has a large user group containing 80.000+ users. When getgrgid is run
during login, it takes too long to download the full list of group members from
the Active directory LDAP server. This results in nss timing out after 58
seconds. Login succeeds, but it takes upto 5 minutes to complete.
This is also the case when listing a directory containing files whose group
owner is the large user group, and when running `getent group
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Create a large user group containing 80000 users.
2. getent group <large_user_group>
the getgrnam / getgrgid calls take 58 seconds to timeout.
the getgrnam / getgrgid calls should return reasonably quickly.
See following comments.
The short term fix would be to provide a new configuration option to limit the number of group members processed (or turn the range retrieval option off completely).
Long term handling of large requests is now tracked in ticket #1829
design_review: => 0
milestone: NEEDS_TRIAGE => SSSD 1.9.5
testsupdated: => 0
milestone: SSSD 1.9.5 => SSSD 1.10.0
review: => 0
rhbz: [https://bugzilla.redhat.com/show_bug.cgi?id=916997 916997] => [https://bugzilla.redhat.com/show_bug.cgi?id=916997 916997] [https://bugzilla.redhat.com/show_bug.cgi?id=928807 928807]
owner: somebody => lslebodn
patch: 0 => 1
status: new => assigned
Moving to 1.10 beta as this enhancement requires a string change.
milestone: SSSD 1.10.0 => SSSD 1.10 beta
resolution: => fixed
status: assigned => closed
changelog: => A new configuration option ldap_disable_range_retrieval was added that lets the administrator disable the range retrievals and hence avoid downloading very large groups.
Metadata Update from @jhrozek:
- Issue assigned to lslebodn
- Issue set to the milestone: SSSD 1.10 beta
to comment on this ticket.