#1963 [RFE] Implement or Improve enumeration
Closed: Fixed None Opened 6 years ago by sbose.

If enumeration is enable SSSD tries to update all users and groups at startup. As a result the startup time where SSSD is basically blocked and cannot serve requests even for data in the cache can be quite long. A new tevent_req task should be created which can read users and groups from the AD domain in smaller chunks so that other request can always slip in between. Ticket #1829 contains a similar request for the general use in SSSD. If we find a good scheme here, it might be used for the general enumerations as well.

The task should make sure all users and groups are read after a while without reading objects twice in a single run. Maybe it is possible to add a special paged-search tevent request which returns after the first page is read to the caller (instead of doing the paging behind the scenes) which the results and a handle which would allow to continue the the search with the next page? If this is a way to go creating this new request would be another development subtask.

Additionally it has to be considered how to handle large groups. But since we have to read all user as well it might be possible to just read the group memberships of the user and build up the groups in the SSSD cache and let the getgrp*() calls only return entries from the cache and never go to the server directly.

This new enumeration task will work independently of the NSS responder in the IPA provider. It should be started at startup but should terminate if there are no trusted domains. If later during a sub-domain lookup trusted domains are found it should be started again.


A sub ticket of the 1.11 feature.

rhbz: => 0

Moving open tickets from 1.11 beta to 1.11 beta2

milestone: SSSD 1.11 beta => SSSD 1.11 beta 2

Fields changed

milestone: SSSD 1.11 beta 2 => SSSD 1.11 beta 3

Fields changed

owner: somebody => jhrozek
status: new => assigned

Fields changed

patch: 0 => 1

resolution: => fixed
status: assigned => closed

Metadata Update from @sbose:
- Issue assigned to jhrozek
- Issue set to the milestone: SSSD 1.11.0

2 years ago

Login to comment on this ticket.

Metadata