[CentOS] selinux prohibiting sssd usage

Thu Aug 11 09:03:04 UTC 2011
John Hodrien <J.H.Hodrien at leeds.ac.uk>

On Thu, 11 Aug 2011, Michael Gliwinski wrote:

> On Wednesday 10 Aug 2011 18:59:14 Paul Heinlein wrote:
>> Oddly, when using sssd+ldap, getent without a specific key won't
>> return ldap account information, but with a key it will. That is,
>> "getent passwd" will return only accounts in the local /etc/passwd
>> database, but "getent passwd bob" will return ldap-supplied
>> information about user bo
>
> That is normal unless you have 'enumerate = true' for the LDAP domain in SSSD
> config file.  Note that SSSD manual warns that this may be slow for large
> installations (personally I haven't had a problem with it yet but only have
> < 200 posix users).

I can confirm that with tens of thousands it's cripplingly slow.

jh