Learn more about these different git repos.
Other Git URLs
This ticket is based on an IRC discussion I had with @sbose, so the actual idea about what needs to be done is his.
When an IPA client looks up a user from an IPA server, the user with all their groups is looked up. The client would first do a REQ_FULL_WITH_MEMBERS s2n request for the user which returns the user entry and all their groups. Then, the client issues a REQ_FULL_WITH_MEMBERS s2n request for each group.
Because of historical reasons, where the s2n operations were only used to resolve a SID where it was not known if the SID belongs to a user or a group, the s2n request triggers a lookup on the server for a user first and only if a user is not found, a request for a group is tried.
This is not optimal especially in case there are many trusted domains, because every request must first iterate over the domain list looking for a user and then it would iterate over the domain list again looking for a group.
To improve the situation, Sumit suggested that the request is extended with an object type on the IPA side and the extdom plugin is also extended with to use this data to trigger the appropriate lookup on the IPA server.
Metadata Update from @jhrozek: - Issue assigned to jhrozek
Metadata Update from @jhrozek: - Assignee reset
Metadata Update from @jhrozek: - Issue tagged with: RFE, performance
Metadata Update from @jhrozek: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1555924
Issue linked to Bugzilla: Bug 1555924
Metadata Update from @jhrozek: - Issue priority set to: major (was: minor) - Issue set to the milestone: SSSD 2.0
Metadata Update from @jhrozek: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1555924, https://bugzilla.redhat.com/show_bug.cgi?id=1581041 (was: https://bugzilla.redhat.com/show_bug.cgi?id=1555924)
Issue linked to Bugzilla: Bug 1581041
Metadata Update from @jhrozek: - Issue set to the milestone: SSSD 2.1 (was: SSSD 2.0)
Metadata Update from @jhrozek: - Issue set to the milestone: SSSD 2.2 (was: SSSD 2.1)
Metadata Update from @jhrozek: - Issue set to the milestone: SSSD 2.3 (was: SSSD 2.2)
Metadata Update from @thalman: - Issue tagged with: Canditate to close
I think that this has been implemented already.
Yes, this is fixed by your patch 469f1ac on the SSSD side and your related IPA patches.
bye, Sumit
Thank you for taking time to submit this request for SSSD. Unfortunately this issue was not given priority and the team lacks the capacity to work on it at this time.
Given that we are unable to fulfill this request I am closing the issue as wontfix.
If the issue still persist on recent SSSD you can request re-consideration of this decision by reopening this issue. Please provide additional technical details about its importance to you.
Thank you for understanding.
Metadata Update from @pbrezina: - Issue close_status updated to: wontfix - Issue status updated to: Closed (was: Open)
Metadata Update from @atikhonov: - Custom field design_review adjusted to on - Custom field mark adjusted to on - Custom field patch adjusted to on - Custom field review adjusted to on - Custom field sensitive adjusted to on - Custom field testsupdated adjusted to on - Issue status updated to: Open (was: Closed)
Metadata Update from @atikhonov: - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)
Changed resolution status per this ^^ comment.
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/4705
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.