On Thu, Jul 12, 2018 at 10:54:55AM +0300, Alexander Bokovoy via FreeIPA-users wrote: > On to, 12 heinä 2018, tolotos--- via FreeIPA-users wrote: > > Hi, > > > > we have done some additional testing and debugging. > > > > It seems there some problems with the extdom-extop plugin in the directory > > server. > > > > If we set ignore_group_members, the first request get a good response. > > (tested by: server: sssctl cache-remove -p -s -o ; sleep 1; stop-dirsrv ; > > sleep 1; start-dirsrv / client: sssctl cache-remove -p -s -o ; sleep 1; > > sssctl user-checks [email protected]) > > > > However, starting with the second requests the extdom-extop returns every > > request with an err=32 Object Not Found. > > > > We already tried to increase ipaextdommaxnssbufsize and > > ipaextdommaxnsstimeout. > > (we increased error log level on dirsrv to be sure that the values are > > used: Maximal nss buffer size set to [268435456]! / Maximal nss timeout (in > > ms) set to [100000]!) > > > > Someone some ideas where to look from here? > Setting ignore_group_members on IPA masters does not really allow extdom > plugin to work well.
Are you sure? I've seen quite a few users enabling this switch.. (Maybe you meant the compat tree which also publishes the group members?) > > However, did you try to increase timeouts in sssd on IPA master? Extdom > plugin calls out to SSSD on IPA master when any request comes to it via > LDAP extended operation. So the plugin itself doesn't really do > anything, sssd on IPA master does all the heavy lifting. Extdom plugin > only translates an anwer given by SSSD. _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected]/message/Q5BO5IFAFG4NXMX62ZIM3N7KFXIO23SE/
