More soft/anecdotal:

When executing "sudo -i" or "sudo -iu" the first time, we can expect a several second delay before the command completes. If we then exit the session and re-execute the command, it will complete almost instantly. So whatever cache is holding this information, if we could increase its duration, that would certainly make our pain less. Is this a settable value?


Entering a password into a screensaver is particularly painful. 10+ seconds before the screensaver will exit.

We are looking at environmental possibilities, like interfaces and such. This machine is running on a VMware VM, but we've had success deploying IPA on VMs in the past, and our faster network is running VMs as well (with one physical box).


Bret


On 05/23/2014 08:15 AM, Bret Wortman wrote:
Collecting my various threads together under one big issue and adding this new data point:

Our web UI on our slow network is exhibiting some strange behavior as well.

When selecting, for example, the "Users", it can take up to 5 seconds to fetch 20 out of our 56 entries.

When switching to "Hosts", it took 4 seconds for the footer to show that there would be 47 pages in total, then after 10 seconds total, the page loaded 20 of 939 entries. When I select a host, the previously-selected host will actually be displayed for upwards of 8-10 seconds (while the spinning cursor spins near the word Logout) until the host actually loads.

Is it just me, or does this, plus everything else, start to sound like LDAP is struggling?

I ran a test using ldapsearch in authenticated and unauthenticated mode from my workstation and here's what I found, which may tell us nothing:

# time ldapsearch -x -H -ldap://zsipa.foo.net base="uid=bretw,cn=users,cn=accounts,dc=foo,dc=net"
:
real    0m2.047s
user   0m0.000s
sys     0m0.001s
# time ldapsearch -Y GSSAPI -H ldap://zsipa.foo.net base="uid=bretw,cn=users,cn=accounts,dc=foo,dc=net"
:
real    0m2.816s
user   0m0.004s
sys     0m0.002s

When I did this locally on the ipa master:

# ssh zsipa.foo.net
# time ldapsearch -Y GSSAPI base="uid=bretw,cn=uses,cn=accounts,dc=foo,dc=net"
:
real    0m0.847s
user   0m0.007s
sys     0m0.006s
#


--
*Bret Wortman*

http://damascusgrp.com/
http://about.me/wortmanbret



_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to