<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
More soft/anecdotal:<br>
<br>
When executing "sudo -i" or "sudo -iu" the first time, we can expect
a several-second delay before the command completes. If we then exit
the session and re-execute the command, it will complete almost
instantly. So whatever cache is holding this information, if we
could increase its duration, that would certainly make our pain
less. Is this a settable value?<br>
<br>
Entering a password into a screensaver is particularly painful. 10+
seconds before the screensaver will exit.<br>
<br>
We are looking at environmental possibilities, like interfaces and
such. This machine is running on a VMware VM, but we've had success
deploying IPA on VMs in the past, and our faster network is running
VMs as well (with one physical box).<br>
<br>
<br>
Bret<br>
<br>
<br>
<div class="moz-cite-prefix">On 05/23/2014 08:15 AM, Bret Wortman
wrote:<br>
</div>
<blockquote cite="mid:537F3BDC.2040504@damascusgrp.com" type="cite">
Collecting my various threads together under one big issue and
adding this new data point:<br>
<br>
Our web UI on our slow network is exhibiting some strange behavior
as well.<br>
<br>
When selecting, for example, the "Users", it can take up to 5
seconds to fetch 20 out of our 56 entries.<br>
<br>
When switching to "Hosts", it took 4 seconds for the footer to
show that there would be 47 pages in total, then after 10 seconds
total, the page loaded 20 of 939 entries. When I select a host,
the previously-selected host will actually be displayed for
upwards of 8-10 seconds (while the spinning cursor spins near the
word Logout) until the host actually loads.<br>
<br>
Is it just me, or does this, plus everything else, start to sound
like LDAP is struggling?<br>
<br>
I ran a test using ldapsearch in authenticated and unauthenticated
mode from my workstation and here's what I found, which may tell
us nothing:<br>
<tt><br>
</tt><tt># time ldapsearch -x -H -ldap://zsipa.foo.net
base="uid=bretw,cn=users,cn=accounts,dc=foo,dc=net"</tt><tt><br>
</tt><tt>:</tt><tt><br>
</tt><tt>real 0m2.047s</tt><tt><br>
</tt><tt>user 0m0.000s</tt><tt><br>
</tt><tt>sys 0m0.001s</tt><tt><br>
</tt><tt># time ldapsearch -Y GSSAPI -H ldap://zsipa.foo.net
base="uid=bretw,cn=users,cn=accounts,dc=foo,dc=net"</tt><tt><br>
</tt><tt>:</tt><tt><br>
</tt><tt>real 0m2.816s</tt><tt><br>
</tt><tt>user 0m0.004s</tt><tt><br>
</tt><tt>sys 0m0.002s</tt><tt><br>
<br>
</tt>When I did this locally on the IPA master:<br>
<tt><br>
</tt><tt># ssh zsipa.foo.net</tt><tt><br>
</tt><tt># time ldapsearch -Y GSSAPI
base="uid=bretw,cn=uses,cn=accounts,dc=foo,dc=net"</tt><tt><br>
</tt><tt>:</tt><tt><br>
</tt><tt>real 0m0.847s</tt><tt><br>
</tt><tt>user 0m0.007s</tt><tt><br>
</tt><tt>sys 0m0.006s</tt><tt><br>
</tt><tt>#</tt><tt><br>
</tt><br>
<br>
<div class="moz-signature">-- <br>
<div><b>Bret Wortman</b></div>
<div><a moz-do-not-send="true" href="http://damascusgrp.com/">http://damascusgrp.com/</a><br>
</div>
<div><a moz-do-not-send="true"
href="http://about.me/wortmanbret">http://about.me/wortmanbret</a><br>
<br>
</div>
</div>
<br>
</blockquote>
<br>
</body>
</html>