LDAP: disable the cleanup task by default

Resolves: https://fedorahosted.org/sssd/ticket/2627 The cleanup task was designed to keep the cache size within certain limits. This is how it roughly works now: - find users who have never logged in by default. If account_cache_expiration is set, find users who loggged in later than account_cache_expiration - delete the matching set of users - find groups that have no members - delete the matching set of groups So unless account_cache_expiration is set to something sensible, only empty groups and expired users who never logged in are removed and that's quite a corner case. The above effectivelly walks the whole database, especially the groups step is quite slow with a huge database. The whole cleanup task also runs in a single sysdb transaction, which means all other transactions are blocked while the cleanup task crunches the database. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
author: Jakub Hrozek <jhrozek@redhat.com> 2015-04-28 13:16:51 +0200
committer: Jakub Hrozek <jhrozek@redhat.com> 2015-05-12 11:25:21 +0200
commit: 601d193feba2d9859661b979c2a0d1d479d5cee8 (patch)
tree: e56a9162cf78f408ab61e1b33203d5d3bdfba795 /src/man/sssd-ldap.5.xml
parent: a50b229c8ea1e22c9efa677760b94d8c48c3ec89 (diff)
download: sssd-601d193feba2d9859661b979c2a0d1d479d5cee8.tar.gz
sssd-601d193feba2d9859661b979c2a0d1d479d5cee8.tar.xz
sssd-601d193feba2d9859661b979c2a0d1d479d5cee8.zip
1 files changed, 7 insertions, 2 deletions
diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml
index 83ec9b668..9756a5547 100644
--- a/src/man/sssd-ldap.5.xml
+++ b/src/man/sssd-ldap.5.xml
@@ -719,10 +719,15 @@
                         </para>
                         <para>
                             Setting this option to zero will disable the
-                            cache cleanup operation.
+                            cache cleanup operation. Please note that if
+                            enumeration is enabled, the cleanup task is
+                            required in order to detect entries removed from
+                            the server and can't be disabled. By default,
+                            the cleanup task will run every 3 hours with
+                            enumeration enabled.
                         </para>
                         <para>
-                            Default: 10800 (3 hours)
+                            Default: 0 (disabled)
                         </para>
                     </listitem>
                 </varlistentry>
author	Jakub Hrozek <jhrozek@redhat.com>	2015-04-28 13:16:51 +0200
committer	Jakub Hrozek <jhrozek@redhat.com>	2015-05-12 11:25:21 +0200
commit	601d193feba2d9859661b979c2a0d1d479d5cee8 (patch)
tree	e56a9162cf78f408ab61e1b33203d5d3bdfba795 /src/man/sssd-ldap.5.xml
parent	a50b229c8ea1e22c9efa677760b94d8c48c3ec89 (diff)
download	sssd-601d193feba2d9859661b979c2a0d1d479d5cee8.tar.gz sssd-601d193feba2d9859661b979c2a0d1d479d5cee8.tar.xz sssd-601d193feba2d9859661b979c2a0d1d479d5cee8.zip