On 10/25/2012 06:38 PM, Paul B. Henson wrote:
On 10/25/2012 9:41 AM, Dmitri Pal wrote:
> BTW SSSD connects in an authenticated way.
I assume you mean it supports connecting with authentication;
considering I have provided it no credentials I would be surprised and
disconcerted if it was doing anything other than an anonymous bind in
my current deployment :).
This is strange. By default SSSD prefers strong authentication methods
like GSSAPI and you really need to twist its arms to go with anonymous
bind. It might not be the default for the LDAP provider (provider is
SSSD component that actually talks to DS) though... only for the
advanced providers like IPA and AD.
> I might not have been clear. 1.9.2 is coming in RHEL 6.4 as a supported
> rpm so if it solves the problem for you it will show up in several
> months and might save everybody some time and effort.
Ah, I did not realize that. I did try 1.9.2 and it does have
drastically improved performance which should be sufficient for our
deployment. I'll update our ticket and request early access to the
1.9.2 rpm for our prototyping and testing.
Great. But patches welcome too ;-)
> As was mentioned in other mails we have this request in plans but if
> 1.9.2 works for you you might not need to do the work.
For efficiency I'd still prefer just not processing the members, even
if the delay to do so isn't unworkable. If no one else is working that
RFE we might take a crack at it anyways...
Perfect!
> Yes I am from Red Hat and you filing the ticket would help me to help
> our support to learn how better handle cases like this in future.
The case number is 00727783 if you wanted to take a look at it.
Completely off-topic, but 00728171 is another example of why I bang my
head against the wall when I open support tickets -- the mcelog
shipped with RHEL6 is broken on amd family 15 CPU's. In the ticket, I
clearly state I'm using a family 15 CPU, that it worked perfectly
under RHEL5, and provide a link to an upstream patch to fix the
problem. Support's response -- a link to a KB article explaining that
amd family *16* CPU's are not supported by mcelog 8-/.
Anyway, thanks for your help; much appreciated...
Thanks for the info.
--
Thank you,
Dmitri Pal
Sr. Engineering Manager for IdM portfolio
Red Hat Inc.
-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/