Chapitre 8. Tuning SSSD performance for large IdM-AD trust deployments
Retrieving user and group information is a very data-intensive operation for the System Security Services Daemon (SSSD), especially in an IdM deployment with a trust to a large Active Directory (AD) domain. You can improve this performance by adjusting which information SSSD retrieves from identity providers and for how long.
8.1. Tuning SSSD in IdM servers for large IdM-AD trust deployments
This procedure applies tuning options to the configuration of the SSSD service in an IdM server to improve its response time when retrieving information from a large AD environment.
Conditions préalables
-
Vous devez disposer des autorisations
root
pour modifier le fichier de configuration/etc/sssd/sssd.conf
.
Procédure
-
Ouvrez le fichier de configuration
/etc/sssd/sssd.conf
dans un éditeur de texte. Add the following options to the
[domain]
section for your Active Directory domain. If you do not already have a domain section for your AD domain, create one.[domain/ad.example.com] ignore_group_members = true subdomain_inherit = ignore_group_members ...
-
Save and close the
/etc/sssd/sssd.conf
file on the server. Redémarrez le service SSSD pour charger les modifications de configuration.
[root@client ~]# systemctl restart sssd
Ressources supplémentaires