Hello, I ran into an issue/problem with keystone and it is ok to simply tell me to "don't do that", but I am wondering how others approach this problem.
I have the keystone H-2 split backend code connected the HP Enterprise Directory which is humongous in size. From that directory I have only one user configured with a project role in keystone. When I performed the following REST API call: GET: http://15.253.58.141:35357/v3/users The keystone server took almost an hour and a half to process my request before responding with the correct information: 2013-07-28 08:54:24 DEBUG [keystone.common.ldap.core] LDAP bind: dn=cn=CloudOSKeystoneDev, ou=Applications, o=hp.com 2013-07-28 08:54:25 DEBUG [keystone.common.ldap.core] In get_connection 6 user: cn=CloudOSKeystoneDev, ou=Applications, o=hp.com 2013-07-28 08:54:25 DEBUG [keystone.common.ldap.core] MY query in _ldap_get_all filter: None, query: (&(objectClass=hpPerson)) 2013-07-28 08:54:25 DEBUG [keystone.common.ldap.core] LDAP search: dn=ou=People,o=hp.com, scope=2, query=(&(objectClass=hpPerson)), attrs=['None', 'userPassword', 'hpStatus', 'mail', 'cn'] 2013-07-28 10:20:10 INFO [access] 15.253.57.88 - - [28/Jul/2013:17:20:10 +0000] "GET http://15.253.58.141:35357/v3/users HTTP/1.0" 200 87832184 2013-07-28 10:20:25 DEBUG [eventlet.wsgi.server] 15.253.57.88 - - [28/Jul/2013 10:20:25] "GET /v3/users HTTP/1.1" 200 87832342 5160.268039 REST API response: { "user": { "name": "[email protected]", "links": { "self": "http://localhost:5000/v3/users/[email protected]"; }, "enabled": "Active", "domain_id": "default", "email": "[email protected]", "id": "[email protected]" } } After completing my request I found that Keystone was locked up and required a stop/start service command to get it responding again. How do other people with ldap backends handle this problem? Thanks, Mark
_______________________________________________ OpenStack-dev mailing list [email protected] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
