Chapitre 8. Tuning SSSD performance for large IdM-AD trust deployments

PDF

Retrieving user and group information is a very data-intensive operation for the System Security Services Daemon (SSSD), especially in an IdM deployment with a trust to a large Active Directory (AD) domain. You can improve this performance by adjusting which information SSSD retrieves from identity providers and for how long.

8.1. Tuning SSSD in IdM servers for large IdM-AD trust deployments

This procedure applies tuning options to the configuration of the SSSD service in an IdM server to improve its response time when retrieving information from a large AD environment.

Conditions préalables

Vous devez disposer des autorisations root pour modifier le fichier de configuration /etc/sssd/sssd.conf.

Procédure

Ouvrez le fichier de configuration /etc/sssd/sssd.conf dans un éditeur de texte.
Add the following options to the [domain] section for your Active Directory domain. If you do not already have a domain section for your AD domain, create one.
```
[domain/ad.example.com]
ignore_group_members = true
subdomain_inherit = ignore_group_members
...
```
Save and close the /etc/sssd/sssd.conf file on the server.
Redémarrez le service SSSD pour charger les modifications de configuration.
```
[root@client ~]# systemctl restart sssd
```

Ressources supplémentaires

Options for tuning SSSD in IdM servers and clients for large IdM-AD trust deployments

Chapitre 8. Tuning SSSD performance for large IdM-AD trust deployments

8.1. Tuning SSSD in IdM servers for large IdM-AD trust deployments

Apprendre

Essayez, achetez et vendez

Communautés

À propos de la documentation Red Hat

Rendre l’open source plus inclusif

À propos de Red Hat

Red Hat legal and privacy links

Red Hat legal and privacy links