#3661 autofs/LDAP should have the option not to enumerate maps (enhancement)
Closed: wontfix a year ago by pbrezina. Opened 3 years ago by nxg.

At present, autofs/LDAP enumerates an entire automount map when it starts up. This creates problems when those maps are large enough to hit an LDAP server query limit.

A workaround is to have the SSS daemon use a particular DN to bind, which has an increased query limit, but since the system otherwise appears to work using anonymous binds, this workaround adds administrative overhead, and so is unattractive.

The documentation for the enumerate option in sssd.conf(5) notes that ‘For the reasons cited above, enabling enumeration is not recommended, especially in large environments’, but this appears to apply only to the context of user entries in the LDAP server, and appears not to have any effect on autofs map queries (or I'm missing some documentation). At any rate, I do have enumerate=false in my sssd.conf, and I'm still seeing the whole-map enumeration.

For example, in our case, we have users’ homes automounted to /home/<username>, so that the auto.home map is the same size as the uid map (it might be that this is seen as an eccentric layout, but it was the autofs/NIS layout recommended by Sun in the 90s, when our local layout was first designed, so it might be reasonably widespread).

Metadata Update from @pbrezina:
- Issue tagged with: Canditate to close

a year ago

Thank you for taking time to submit this request for SSSD. Unfortunately this issue was not given priority and the team lacks the capacity to work on it at this time.

Given that we are unable to fulfill this request I am closing the issue as wontfix.

If the issue still persist on recent SSSD you can request re-consideration of this decision by reopening this issue. Please provide additional technical details about its importance to you.

Thank you for understanding.

Metadata Update from @pbrezina:
- Issue close_status updated to: wontfix
- Issue status updated to: Closed (was: Open)

a year ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/4681

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.