Hi. I recently created this issue - https://github.com/389ds/389-ds-base/issues/6020
Maybe github is not the place for such general questions so I repost it here. In our deployments we have a lot of production environment for out clients. For granular access every client is placed into separate group (in github issue picture analogue is group-test-<num>) for which HBACs and SUDO rules applied.
But our support team need access all those environments, so support members are placed into the group team-support-l2 which automatically added as a member of every clients group (github issue analogue is user-group). Right now I basically expierience inability to add users to team-support-l2 because it hangs ldap server completly for several minutes, making every freeipa service that depends on ns-slapd inaccessible.
Are we doing something wrong in a way we are setting our group membership? Or should it work just fine with such number of groups?
Problem is the same for 389-ds-base-1.4.3 deployments and 389-ds-base-2.2.3 deployments.
--
_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
No comments:
Post a Comment