Loading...

Linking RHIVOS CVEs to...

Migration: Automation ...

Sync from "Extern...

XML

Word

Printable

Type: Story
Resolution: Unresolved
Priority: Major
Fix Version/s: rhel-10.3
Affects Version/s: rhel-8.10.z, rhel-9.8, rhel-10.2
Component/s: sssd
Labels:
None

Severity:
Important

AssignedTeam:
rhel-idm

Story Points:
None
Blocked:
False
Ready:
False
Blocked Reason:

Hide

None

Show
None
Product Documentation Required:
None
Sprint:
None

Git Pull Request:
https://github.com/SSSD/sssd/pull/8447, https://github.com/SSSD/sssd/pull/8454
Preliminary Testing:
None
Test Coverage:
None

ProdDocsReview-CCS:
Unspecified
ProdDocsReview-Dev:
Unspecified
ProdDocsReview-QE:
Unspecified

Experience:

PX Impact Score:
SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Planning:
None

When user is a member of many groups (think of 5k or more), handling of `BE_REQ_INITGROUPS` (triggered by, for example, `id $user`) by generic SSSD LDAP backend (this ticket is specifically about RFC2307 setup, i.e. no nested groups) takes extremely long time (can be several mins). With membership large enough this can even exceed `SBUS_MESSAGE_TIMEOUT`, making 'sssd_nss' to abort client's request (so `id` returns nothing).

The purpose of this ticket is to track measurable performance improvements of described scenario.

is cloned by

RHEL-150439 Poor performance of `BE_REQ_INITGROUPS` handling by 'sssd_be' (LDAP RFC2307, no nested groups) [rhel-9]

Planning

Assignee:: SSSD Maintainers

Reporter:: Alexey Tikhonov

Developer:: Alexey Tikhonov

QA Contact:: Shridhar Gadekar

Doc Contact:: Louise McGarry

Votes:: 1 Vote for this issue

Watchers:: 14 Start watching this issue

Created:: 2026/01/21 11:35 AM

Updated:: 2026/02/18 5:10 PM

Stale Date:: 2027/02/17

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates