Terry, did you ever get to the bottom of this? I appear to be having a similar issue with the same version of IPA.
On Wed, Sep 4, 2013 at 1:18 PM, Terry Soucy <tso...@salesforce.com> wrote: > I am experiencing some long execution times, and I'm wondering if anyone > can give me some insight. > > We are running FreeIPA 3.0.0-26 on Redhat 6.1. We have multimaster > replication running among 4 hosts. We have approv 100 users, 25 usergroups > and hostgroups, and approx 2000 hosts in a single domain. We noticed that > some DNS queries were timing out periodically. When I investigated further, > I found several of the DNS requests in the access log > > [04/Sep/2013:13:42:24 -0300] conn=122491 op=3888679 SRCH > base="idnsName=compute- > 1.amazonaws.com,idnsname=prod.ca2.example.com,cn=dns,dc=example,dc=com" > scope=0 filter=" > (objectClass=idnsRecord)" attrs=ALL > [04/Sep/2013:13:42:44 -0300] conn=122491 op=3888679 RESULT err=32 tag=101 > nentri > es=0 etime=20 > > There are a lot of those, as expected, since we first noticed this issue > with DNS. > > Then I found this ... > > [04/Sep/2013:13:42:23 -0300] conn=368561 op=9 EXT > oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session" > [04/Sep/2013:13:42:44 -0300] conn=368561 op=9 RESULT err=0 tag=120 > nentries=0 etime=22 > > and lots of this ... > > [04/Sep/2013:13:42:26 -0300] conn=368604 op=0 BIND dn="" method=sasl > version=3 mech=GSSAPI > [04/Sep/2013:13:42:44 -0300] conn=368604 op=0 RESULT err=14 tag=97 > nentries=0 etime=18, SASL bind in progress > > > So, is my SASL bind causing the replication to go long, or is the > replication taking a long time and causing the hang? Is there a way I can > see the details of the replication? There is not a lot of changes going on > that require replication with regards to dns, users, hosts, etc, so I'm not > sure why it would take so long. Also, can I remove the SASL bind and just > add a replication user to the dse.ldif to remove the requirement for > kerberos for replication? > > Terry > -- > Terry Soucy - Systems Engineer > Salesforce MarketingCloud - http://www.salesforce.com > (o) 506.631.7445 (c) 506.609.3247 | (e) tso...@salesforce.com > > _______________________________________________ > Freeipa-users mailing list > Freeipa-users@redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-users > -- The government is going to read our mail anyway, might as well make it tough for them. GPG Public key ID: B6A1A7C6
_______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
