[Freeipa-users] Timeout (?) issues
Rich Megginson
rmeggins at redhat.com
Tue Sep 17 14:01:39 UTC 2013
On 09/16/2013 07:57 PM, Dmitri Pal wrote:
> On 09/16/2013 12:02 PM, KodaK wrote:
>> Yet another AIX related problem:
>>
>> The AIX LDAP client is called secldapclntd (sure, they could make it
>> more awkward, but the budget ran out.) I'm running into the issue
>> detailed here:
>>
>> http://www-01.ibm.com/support/docview.wss?uid=isg1IV11344
>>
>> "If an LDAP server fails to answer an LDAP query, secldapclntd caches
>> the non-answered query negatively. This may happen if the LDAP server
>> is down for example. After the LDAP server is back again secldapclntd
>> will use the negative cache entry and the application initiating the
>> original query will still fail until the cache entry expires."
>>
>> IBM is working on porting the fix to our specific TL and SP levels.
>>
>> What I'm concerned with here, though, is *why* is it timing out? I
>> don't know what the current timeout values are (AIX sucks, etc.)
>>
>> I don't see timeout issues on my Linux boxes, which leads me to
>> believe that either the sssd timouts are longer or that sssd is just
>> more robust when dealing with timeouts.
>>
>> I believe I'm seeing similar behavior with LDAP sudo on AIX as well,
>> because I occasionally have to re-run sudo commands because they
>> initially fail (and I know I'm using the right passwords.) However,
>> sudo doesn't appear to have a cache (or it handles caching better.)
>>
>> Does anyone have any troubleshooting suggestions? Any general "speed
>> things up" suggestions on the IPA side?
>>
>> Thanks,
>>
>> --Jason
>>
>> --
>> The government is going to read our mail anyway, might as well make
>> it tough for them. GPG Public key ID: B6A1A7C6
>>
>>
>> _______________________________________________
>> Freeipa-users mailing list
>> Freeipa-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>
> Is the server FreeIPA?
> Can see in the server logs what is actually happening is it the server
> that really takes time or there is a network connectivity issue or FW
> is dropping packets?
> I would really start with the server side logs.
As far as 389 goes, run logconv.pl against the access logs in
/var/log/dirsrv/slapd-DOMAIN-COM
>
>
> --
> Thank you,
> Dmitri Pal
>
> Sr. Engineering Manager for IdM portfolio
> Red Hat Inc.
>
>
> -------------------------------
> Looking to carve out IT costs?
> www.redhat.com/carveoutcosts/
>
>
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20130917/d9e6227a/attachment.htm>
More information about the Freeipa-users
mailing list