<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type"> </head> <body bgcolor="#ffffff" text="#000000"> On 07/13/2012 11:46 AM, Loris Santamaria wrote: <blockquote cite="mid:1342194394.1991.15.camel@toron.pzo.lgs.com.ve" type="cite"> <pre wrap="">I have this test server with 8.000 entries, recently upgraded from 2.1.3 to 2.2.0 and I'm seeing some big slowdowns and I would like to know where to look to debug them. The server is centos 6.3 with ipa-server-2.2.0-16.el6.x86_64 and 389-ds-base-1.2.10.2-20.el6_3.x86_64 First of all in 2.2.0 ldapsearch with "-Y GSSAPI" is much slower than using plain autentication: </pre> </blockquote> Hm. The only difference would be a new kerberos driver. Please take a look at the KDC logs and see what is going on there. <blockquote cite="mid:1342194394.1991.15.camel@toron.pzo.lgs.com.ve" type="cite"> <pre wrap=""># time ldapsearch -x uid=bdteg01662 dn # extended LDIF # # LDAPv3 # base <dc=xxx,dc=gob,dc=ve> (default) with scope subtree # filter: uid=bdteg01662 # requesting: dn # # bdteg01662, users, accounts, xxx.gob.ve dn: uid=bdteg01662,cn=users,cn=accounts,dc=xxx,dc=gob,dc=ve # search result search: 2 result: 0 Success # numResponses: 2 # numEntries: 1 real 0m0.006s user 0m0.001s sys 0m0.003s # time ldapsearch -Y GSSAPI uid=bdteg01662 dn SASL/GSSAPI authentication started SASL username: <a class="moz-txt-link-abbreviated" href="mailto:admin@XXX.GOB.VE">admin@XXX.GOB.VE</a> SASL SSF: 56 SASL data security layer installed. # extended LDIF # # LDAPv3 # base <dc=xxx,dc=gob,dc=ve> (default) with scope subtree # filter: uid=bdteg01662 # requesting: dn # # bdteg01662, users, accounts, xxx.gob.ve dn: uid=bdteg01662,cn=users,cn=accounts,dc=xxx,dc=gob,dc=ve # search result search: 4 result: 0 Success # numResponses: 2 # numEntries: 1 real 0m2.344s user 0m0.007s sys 0m0.005s As a consequence of this all of the ipa commands run a bit slow. But the real slowdown is in the web interface, every search is terribly slow and any search that returns more than 4 or 5 entries never completes, it shows a dialogue that says just "Unknown error". In the dirsrv access logs I see that the search completes in a short time and the apache error log doesn't show any error whatsoever. Note this is a test system, there are no other users of this server, and the compat plugin is disabled. </pre> </blockquote> IPA in 2.2 uses memcached and session caching so web UI should be faster than in earlier versions. I wonder if the version of the memcached is misbehaving on CentOS 6.3. Can you please provide mode details on that front? Look at the httpd logs. There might be something that would give you some hints about what is going on. <blockquote cite="mid:1342194394.1991.15.camel@toron.pzo.lgs.com.ve" type="cite"> <pre wrap=""></pre> <pre wrap=""> <fieldset class="mimeAttachmentHeader"></fieldset> _______________________________________________ Freeipa-users mailing list <a class="moz-txt-link-abbreviated" href="mailto:Freeipa-users@redhat.com">Freeipa-users@redhat.com</a> <a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/freeipa-users">https://www.redhat.com/mailman/listinfo/freeipa-users</a></pre> </blockquote> <pre class="moz-signature" cols="72">-- Thank you, Dmitri Pal Sr. Engineering Manager IPA project, Red Hat Inc. ------------------------------- Looking to carve out IT costs? <a class="moz-txt-link-abbreviated" href="http://www.redhat.com/carveoutcosts/">www.redhat.com/carveoutcosts/</a> </pre> </body> </html>