<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
On 07/13/2012 11:46 AM, Loris Santamaria wrote:
<blockquote cite="mid:1342194394.1991.15.camel@toron.pzo.lgs.com.ve"
type="cite">
<pre wrap="">I have this test server with 8.000 entries, recently upgraded from 2.1.3
to 2.2.0 and I'm seeing some big slowdowns and I would like to know
where to look to debug them. The server is centos 6.3 with
ipa-server-2.2.0-16.el6.x86_64 and 389-ds-base-1.2.10.2-20.el6_3.x86_64
First of all in 2.2.0 ldapsearch with "-Y GSSAPI" is much slower than
using plain autentication:
</pre>
</blockquote>
Hm. The only difference would be a new kerberos driver.<br>
Please take a look at the KDC logs and see what is going on there.<br>
<br>
<blockquote cite="mid:1342194394.1991.15.camel@toron.pzo.lgs.com.ve"
type="cite">
<pre wrap=""># time ldapsearch -x uid=bdteg01662 dn
# extended LDIF
#
# LDAPv3
# base <dc=xxx,dc=gob,dc=ve> (default) with scope subtree
# filter: uid=bdteg01662
# requesting: dn
#
# bdteg01662, users, accounts, xxx.gob.ve
dn: uid=bdteg01662,cn=users,cn=accounts,dc=xxx,dc=gob,dc=ve
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
real 0m0.006s
user 0m0.001s
sys 0m0.003s
# time ldapsearch -Y GSSAPI uid=bdteg01662 dn
SASL/GSSAPI authentication started
SASL username: <a class="moz-txt-link-abbreviated" href="mailto:admin@XXX.GOB.VE">admin@XXX.GOB.VE</a>
SASL SSF: 56
SASL data security layer installed.
# extended LDIF
#
# LDAPv3
# base <dc=xxx,dc=gob,dc=ve> (default) with scope subtree
# filter: uid=bdteg01662
# requesting: dn
#
# bdteg01662, users, accounts, xxx.gob.ve
dn: uid=bdteg01662,cn=users,cn=accounts,dc=xxx,dc=gob,dc=ve
# search result
search: 4
result: 0 Success
# numResponses: 2
# numEntries: 1
real 0m2.344s
user 0m0.007s
sys 0m0.005s
As a consequence of this all of the ipa commands run a bit slow. But the
real slowdown is in the web interface, every search is terribly slow and
any search that returns more than 4 or 5 entries never completes, it
shows a dialogue that says just "Unknown error". In the dirsrv access
logs I see that the search completes in a short time and the apache
error log doesn't show any error whatsoever.
Note this is a test system, there are no other users of this server, and
the compat plugin is disabled.
</pre>
</blockquote>
<br>
IPA in 2.2 uses memcached and session caching so web UI should be
faster than in earlier versions.<br>
I wonder if the version of the memcached is misbehaving on CentOS
6.3.<br>
Can you please provide mode details on that front?<br>
Look at the httpd logs. There might be something that would give you
some hints about what is going on. <br>
<br>
<blockquote cite="mid:1342194394.1991.15.camel@toron.pzo.lgs.com.ve"
type="cite">
<pre wrap=""></pre>
<pre wrap="">
<fieldset class="mimeAttachmentHeader"></fieldset>
_______________________________________________
Freeipa-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Freeipa-users@redhat.com">Freeipa-users@redhat.com</a>
<a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/freeipa-users">https://www.redhat.com/mailman/listinfo/freeipa-users</a></pre>
</blockquote>
<br>
<br>
<pre class="moz-signature" cols="72">--
Thank you,
Dmitri Pal
Sr. Engineering Manager IPA project,
Red Hat Inc.
-------------------------------
Looking to carve out IT costs?
<a class="moz-txt-link-abbreviated" href="http://www.redhat.com/carveoutcosts/">www.redhat.com/carveoutcosts/</a>
</pre>
</body>
</html>