[Freeipa-users] Slow ipa performance -- why so many ldap lookups ?
Jakub Hrozek
jhrozek at redhat.com
Mon Apr 8 12:31:13 UTC 2013
On Mon, Apr 08, 2013 at 12:40:53PM +0200, Jan-Frode Myklebust wrote:
> On Mon, Apr 08, 2013 at 12:26:43PM +0200, Jakub Hrozek wrote:
> >
> > I tried a similar case locally and everything worked for me. In the
> > domain log I saw:
> >
> > [sssd[be[idm.lab.bos.redhat.com]]] [be_pam_handler_callback] (0x0400): SELinux provider doesn't exist, not sending the request to it
> >
> > when I set selinux_provider=none.
> >
> > What exact SSSD version is this?
>
> sssd-1.8.0-32.el6.x86_64
>
Gotcha. For some reason I suspected that you were running 6.4.
The selinux handling was completely broken in 6.3, it simply doesn't
work. I haven't tried setting selinux_provider = none with the 6.3
packages, but I wouldn't be surprised if that was broken as well.
Please upgrade (at least the SSSD if not the whole system) to 6.4, the
issue is fixed there.
More information about the Freeipa-users
mailing list