Description
sssd: version 2.9.4
i used openLDAP,there is a user named user1. when there are much process running, following command will take much time.
sudo -u user1 ls /tmp
reproduce as following(total about 130 process running)
command:time sudo -u user1 ls /tmp
result:
real 0m0.027s
user 0m0.002s
sys 0m0.013s
run shell to creat more process
shell:
for i in seq 2000; do
sleep 100 &
done
after more process running,run command again
command:time sudo -u user1 ls /tmp
result:
real 0m0.087s
user 0m0.004s
sys 0m0.010s
pam config include:
-session optional pam_sss.so
when i comment that,The problem no longer exists。
following PR intruduced to reading /proc。it take much time enumerating running process to find uid especially when the uid does not exist。
d2424bf
I'm not quite sure if the issue is caused by the configuration。
Any help would be appreciated!
sssd.conf:
[sssd]
services = nss, pam
domains = LDAP
debug_level = 9
[domain/LDAP]
id_provider = ldap
auth_provider = ldap
chpass_provider = ldap
autofs_provider = ldap
ldap_schema = rfc2307bis
ldap_id_use_start_tls = false
ldap_tls_reqcert = never
enumerate = True
cache_credentials = True
ldap_uri = ldap://xxx:389
ldap_search_base = dc=my-domain,dc=com
timeout = 30
debug_level = 9
[nss]
homedir_substring = /home
enum_cache_timeout = 10
debug_level = 9
[pam]
offline_credentials_expiration = 1
debug_level = 9