diff options
author | Pavel Březina <pbrezina@redhat.com> | 2017-07-11 12:41:57 +0200 |
---|---|---|
committer | Lukas Slebodnik <lslebodn@redhat.com> | 2017-08-18 08:52:25 +0200 |
commit | a5f300adf19ec9c3087c62bd93a5175db799687a (patch) | |
tree | afb844609d6610e7dd4de048c264247f8f0ba3a4 /src/man | |
parent | dc5da74112bde32b0bd33d9304f7e94eb8ed2885 (diff) | |
download | sssd-a5f300adf19ec9c3087c62bd93a5175db799687a.tar.gz sssd-a5f300adf19ec9c3087c62bd93a5175db799687a.tar.xz sssd-a5f300adf19ec9c3087c62bd93a5175db799687a.zip |
sudo: add a threshold option to reduce size of rules refresh filter
If a large number of rules is expired at one time the ldap filter may
become too large to be processed by server. This commits adds a new
option "sudo_threshold" to sudo responder. If the threshold is
exceeded a full refreshed is done instead of rules refresh.
Resolves:
https://pagure.io/SSSD/sssd/issue/3478
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
Diffstat (limited to 'src/man')
-rw-r--r-- | src/man/sssd.conf.5.xml | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml index 7cd6ffd7a..7b5abebbf 100644 --- a/src/man/sssd.conf.5.xml +++ b/src/man/sssd.conf.5.xml @@ -1378,6 +1378,25 @@ pam_account_locked_message = Account locked, please contact help desk. </listitem> </varlistentry> </variablelist> + <variablelist> + <varlistentry> + <term>sudo_threshold (integer)</term> + <listitem> + <para> + Maximum number of expired rules that can be + refreshed at once. If number of expired rules + is below threshold, those rules are refreshed + with <quote>rules refresh</quote> mechanism. If + the threshold is exceeded a + <quote>full refresh</quote> of sudo rules is + triggered instead. + </para> + <para> + Default: 50 + </para> + </listitem> + </varlistentry> + </variablelist> </refsect2> <refsect2 id='AUTOFS' condition="with_autofs"> |