CentOS 7 + SSSD + AD

The AD user is created through a bash script. To confirm the AD user account is created, I am using getent passwd <username>. It is not returning the user account created in AD immediately, but it is returning the user account after a minute or so when using the same getent passwd <username>.

Is there any config parameter to change in sssd.conf?

Jenny D

2 Answers

This is expected; enumerating all users and storing them in the cache (with enumerate=True) is expensive and runs only periodically.

Running getent passwd $username should yield the user immediately, though.

jhrozek

Setting:

enumerate = true

will allow sssd to get all the valid user details and store them, but it comes at a price if you have a large number of users, according to the man page for sssd.conf (here's a link to it: https://linux.die.net/man/5/sssd.conf). From experience, we have 700+ and it's not a problem.

Also setting:

cache_credentials = true

should help, but it should already be set. Details are on the same man page.

CorranM
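For the provisioning script in the question, a bounded retry around the per-user lookup is one way to confirm the account without relying on enumeration. This is an added example, not code from either answer: `wait_for_user`, `LOOKUP` and `FLUSH` are hypothetical names, and it assumes `sss_cache` from the sssd tools is installed and the script runs as root so that a remembered failed lookup can be expired between tries.

```shell
#!/usr/bin/env bash
# Added example: poll NSS until a newly created AD account resolves.
# LOOKUP and FLUSH are overridable so the loop can be exercised without SSSD.
LOOKUP=${LOOKUP:-getent passwd}   # command that resolves a single user
FLUSH=${FLUSH:-sss_cache -u}      # expires one user's SSSD cache entry (needs root)

# wait_for_user NAME [TIMEOUT_SECONDS] [INTERVAL_SECONDS]
# Returns 0 once the lookup succeeds, 1 on timeout, 2 on an unacceptable name.
wait_for_user() {
    local name="$1" timeout="${2:-90}" interval="${3:-5}" waited=0
    # Accept only plain login characters so the name cannot be read as an option.
    case $name in
        ''|-*|*[!A-Za-z0-9._@-]*) echo "invalid user name" >&2; return 2 ;;
    esac
    # Never spin without sleeping, or the timeout would not advance.
    [ "$interval" -ge 1 ] || interval=1
    while :; do
        # Single-user lookup: goes through SSSD on demand, no enumeration needed.
        if $LOOKUP "$name" >/dev/null 2>&1; then
            return 0
        fi
        [ "$waited" -ge "$timeout" ] && return 1
        # A failed lookup may be remembered by SSSD for a short time;
        # expire it so the next try asks AD again. Failure here is not fatal.
        $FLUSH "$name" >/dev/null 2>&1 || true
        sleep "$interval"
        waited=$((waited + interval))
    done
}

# Typical call from the provisioning script (constructed user name):
#   wait_for_user jdoe 120 5 || echo "jdoe still not visible via SSSD" >&2
```

Failing the provisioning run on a non-zero return, rather than sleeping a fixed minute, keeps later steps such as home directory ownership or group assignment from running against an account the host cannot yet resolve.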