On 07/13/2012 11:46 AM, Loris Santamaria wrote: > I have this test server with 8.000 entries, recently upgraded from 2.1.3 > to 2.2.0 and I'm seeing some big slowdowns and I would like to know > where to look to debug them. The server is centos 6.3 with > ipa-server-2.2.0-16.el6.x86_64 and 389-ds-base-22.214.171.124-20.el6_3.x86_64 > > First of all in 2.2.0 ldapsearch with "-Y GSSAPI" is much slower than > using plain autentication: > Hm. The only difference would be a new kerberos driver. Please take a look at the KDC logs and see what is going on there.
> # time ldapsearch -x uid=bdteg01662 dn > # extended LDIF > # > # LDAPv3 > # base <dc=xxx,dc=gob,dc=ve> (default) with scope subtree > # filter: uid=bdteg01662 > # requesting: dn > # > > # bdteg01662, users, accounts, xxx.gob.ve > dn: uid=bdteg01662,cn=users,cn=accounts,dc=xxx,dc=gob,dc=ve > > # search result > search: 2 > result: 0 Success > > # numResponses: 2 > # numEntries: 1 > > real 0m0.006s > user 0m0.001s > sys 0m0.003s > > # time ldapsearch -Y GSSAPI uid=bdteg01662 dn > SASL/GSSAPI authentication started > SASL username: ad...@xxx.gob.ve > SASL SSF: 56 > SASL data security layer installed. > # extended LDIF > # > # LDAPv3 > # base <dc=xxx,dc=gob,dc=ve> (default) with scope subtree > # filter: uid=bdteg01662 > # requesting: dn > # > > # bdteg01662, users, accounts, xxx.gob.ve > dn: uid=bdteg01662,cn=users,cn=accounts,dc=xxx,dc=gob,dc=ve > > # search result > search: 4 > result: 0 Success > > # numResponses: 2 > # numEntries: 1 > > real 0m2.344s > user 0m0.007s > sys 0m0.005s > > As a consequence of this all of the ipa commands run a bit slow. But the > real slowdown is in the web interface, every search is terribly slow and > any search that returns more than 4 or 5 entries never completes, it > shows a dialogue that says just "Unknown error". In the dirsrv access > logs I see that the search completes in a short time and the apache > error log doesn't show any error whatsoever. > > Note this is a test system, there are no other users of this server, and > the compat plugin is disabled. > IPA in 2.2 uses memcached and session caching so web UI should be faster than in earlier versions. I wonder if the version of the memcached is misbehaving on CentOS 6.3. Can you please provide mode details on that front? Look at the httpd logs. There might be something that would give you some hints about what is going on. > > _______________________________________________ > Freeipa-users mailing list > Freeipafirstname.lastname@example.org > https://www.redhat.com/mailman/listinfo/freeipa-users -- Thank you, Dmitri Pal Sr. Engineering Manager IPA project, Red Hat Inc. ------------------------------- Looking to carve out IT costs? www.redhat.com/carveoutcosts/
_______________________________________________ Freeipa-users mailing list Freeipaemail@example.com https://www.redhat.com/mailman/listinfo/freeipa-users