-
Bug
-
Resolution: Unresolved
-
Undefined
-
rhel-8.8.0, rhel-9.6
-
None
-
No
-
Moderate
-
rhel-idm
-
None
-
False
-
False
-
-
None
-
None
-
None
-
None
-
Unspecified
-
Unspecified
-
Unspecified
-
-
x86_64
-
None
Latest version of sssd included with el9.6 and rhel 8.8 can take many seconds to complete an evaluation of the cache of enumerated users. This was previously a quick operation.
Some legacy application require us to have user enumeration enabled so disabling enumeration is not an option at this time.
The change in behaviour can be traced to this commit:
https://github.com/SSSD/sssd/commit/acfe3b292ffd75aeb0c79cc706b024a657e1ffaa
There is an issue associated with this on the sssd github
https://github.com/SSSD/sssd/issues/6951
It would appear to be a problem with the filter being used.
The patch included in that discussion returns performance to previous levels.
Expected behaviour:
$ time getent passwd | wc -l
5038
real 0m0.192s
user 0m0.004s
sys 0m0.003s
Actual behaviour
$ time getent passwd | wc -l
5020
real 0m26.601s
user 0m0.007s
sys 0m0.001s
This delay is sometimes long enough to trigger the watchdog for the sssd nss process.
