[Freeipa-users] Slow ipa performance -- why so many ldap lookups ?

Jakub Hrozek jhrozek at redhat.com
Fri Apr 5 13:02:53 UTC 2013


On Fri, Apr 05, 2013 at 02:42:33PM +0200, Jan-Frode Myklebust wrote:
> On Fri, Apr 05, 2013 at 08:19:21AM -0400, Dmitri Pal wrote:
> > 
> > SELinux seems to be OK but the log definitely showing that not all users
> > are successfully stored in a group.
> 
> Hmm.. I've noticed that in cn=$groupname,cn=groups,cn=accounts we have
> both "member" and "memberUid", but "member" often contains more entries
> than "memberUid". I've assumed that the "memberUid" was a legacy thing,
> and just not maintained anymore.. Is this what you're referring to ?
>  

Are you referring to the entries in LDAP or the cache on disk?

> Or is it the storing of groups in the sssd-database that isn't
> successful ? Are these the interesting entries? :
> 
> 	(Fri Apr  5 13:46:09 2013) [sssd[be[example]]] [sdap_save_group] (0x0400): Storing info for group sos
> 	(Fri Apr  5 13:46:09 2013) [sssd[be[example]]] [sysdb_search_group_by_name] (0x0400): No such entry
> 	(Fri Apr  5 13:46:09 2013) [sssd[be[example]]] [sysdb_search_group_by_gid] (0x0400): No such entry

You can safely ignore the warnings; the SSSD simply tries to find the
group by both name and GID before saving the entry to determine if the
entry needs to be saved anew or updated.



