slow login with sssd and ldap config

Stephen Gallagher sgallagh at
Thu Jun 10 11:58:55 UTC 2010

On 06/10/2010 07:39 AM, Eric Doutreleau wrote:
> thanks for your answer
> well i have the problem when i don't set up
> ldap_user_search_base and
> ldap_group_search_base
> but i discovered that ou=Groups,dc=int-evry,dc=fr contains nothing
> our posix group are elsewhere
> and when i put ldap_group_search_base with the good value i have the
> problem again
> i guess i have to talk to the ldap guy to see if the data are correctly
> indexed.
> do u know what i should index on group?

Actually, I'd really like to see what's going on that's causing the high 
CPU usage. Could you add 'debug_level = 9' to your /etc/sssd/sssd.conf, 
restart sssd, rerun your request and then tar up and send 
/var/log/sssd/*.log to me (feel free to sanitize any private data)

It sounds like what's happening is you're getting into a tight loop 
until eventually one of our internal timers kills the process off and 
restarts it.

It's possible you're hitting as well (which 
despite the description has nothing to do with Kerberos). A fix for that 
is available upstream, but I haven't packaged it for Fedora yet (it will 
be in the next package update, though)

Stephen Gallagher
RHCE 804006346421761

Delivering value year after year.
Red Hat ranks #1 in value among software vendors.

More information about the users mailing list