slow login with sssd and ldap config

Stephen Gallagher sgallagh at redhat.com
Thu Jun 10 11:58:55 UTC 2010


On 06/10/2010 07:39 AM, Eric Doutreleau wrote:
> thanks for your answer
> well i have the problem when i don't set up
> ldap_user_search_base and
> ldap_group_search_base
> but i discovered that ou=Groups,dc=int-evry,dc=fr contains nothing
> our posix group are elsewhere
> and when i put ldap_group_search_base with the good value i have the
> problem again
> i guess i have to talk to the ldap guy to see if the data are correctly
> indexed.
> do u know what i should index on group?
>


Actually, I'd really like to see what's going on that's causing the high 
CPU usage. Could you add 'debug_level = 9' to your /etc/sssd/sssd.conf, 
restart sssd, rerun your request and then tar up and send 
/var/log/sssd/*.log to me (feel free to sanitize any private data)

It sounds like what's happening is you're getting into a tight loop 
until eventually one of our internal timers kills the process off and 
restarts it.

It's possible you're hitting 
https://bugzilla.redhat.com/show_bug.cgi?id=591873 as well (which 
despite the description has nothing to do with Kerberos). A fix for that 
is available upstream, but I haven't packaged it for Fedora yet (it will 
be in the next package update, though)

-- 
Stephen Gallagher
RHCE 804006346421761

Delivering value year after year.
Red Hat ranks #1 in value among software vendors.
http://www.redhat.com/promo/vendor/


More information about the users mailing list