On 09/04/2013 08:01 AM, John Moyer wrote:
Martin,
I apologize there was a large offline conversation between Rich and
myself. Rich was kind enough to help me through some of my issues.
We did a lot more tests and poking and prodding. We discovered that
IPA is not as efficient when
That summary is correct. The only thing I would add is that other
applications could easily bring the IPA server to it's knees as well. Our
artifact server also did many connections per sec when used, and one person
doing a build could bring IPA to it's knees as well. Also, not only would
Sure, just let me know what needs to be run/applied. I've already rolled back
to LDAP, so if the fix looks like it works I can then roll it out again.
Thanks,
_
John Moyer
Director, IT Operations
On Sep 4, 2013, at 9:12 AM, Dmitri Pal
On Wed, 04 Sep 2013, Dmitri Pal wrote:
On 09/04/2013 08:01 AM, John Moyer wrote:
Martin,
I apologize there was a large offline conversation between Rich and
myself. Rich was kind enough to help me through some of my issues.
We did a lot more tests and poking and prodding. We discovered
On 4.9.2013 15:04, Bret Wortman wrote:
What's the right venue for making a suggestion? In particular, I'd like to
toss out there that it would be really nice to be able to export, at a
minimum, DNS and user data from IPA in the form of a zone file and a
passwd/shadow file pair.
I realize there
On 09/04/2013 09:26 AM, Petr Spacek wrote:
On 4.9.2013 15:04, Bret Wortman wrote:
What's the right venue for making a suggestion? In particular, I'd
like to
toss out there that it would be really nice to be able to export, at a
minimum, DNS and user data from IPA in the form of a zone file
On Wed, Sep 04, 2013 at 10:47:49AM -0400, Chris Hudson wrote:
You may want to check out the sss_cache package in the sssd-tools package. It
looks to be in the base channel for RHEL5 Server and optional channel for
RHEL6 Server. This tool will allow you to invalidate/manipulate the sssd
On Wed, Sep 04, 2013 at 10:18:13AM -0500, cbul...@gmail.com wrote:
Hi Chris,
Thanks for your reply!I forgot to mention that we tried sss_cache
(sss_cache -u user_id and sss_cache -U) in other RH6 ipa client and it
did not work...If we delete manually all /var/lib/sss/db we can see the
On Wed, Sep 04, 2013 at 09:40:29AM -0500, cbul...@gmail.com wrote:
Hi,
We have a freeipa server (RedHat 6.3, freeipa:3.0.0-26) and freeipa
client (RedHat 5.9, freeipa client 2.1.3.-5) working in our test testing
scenario without further problems. We are able to use SUDO, HBAC etc.
Our
On Wed, Sep 04, 2013 at 05:31:34PM +0200, Jakub Hrozek wrote:
On Wed, Sep 04, 2013 at 10:18:13AM -0500, cbul...@gmail.com wrote:
Hi Chris,
Thanks for your reply!I forgot to mention that we tried sss_cache
(sss_cache -u user_id and sss_cache -U) in other RH6 ipa client and it
did
Hi Jakub,
Thanks for your time and tips about sssd cache!
I did the test and let me explain what I got:
- After step 4 I can see dataExpireTimestamp to 1 for the user.
- After step 7 dataExpireTimestamp is back to 0 but the user data have
not changed.
The first line after the command
Ah, ok. One of the reasons why I was poking to this thread is exactly this
ticket. It does not contain much information _what exactly_ is making IPA
performance poor - whether it is missing indices (which ones?) or some issue
in IPA plugins during binds, etc.
Without more information, we do not
On Wed, 2013-09-04 at 09:40 -0400, Dmitri Pal wrote:
On 09/04/2013 09:26 AM, Petr Spacek wrote:
On 4.9.2013 15:04, Bret Wortman wrote:
What's the right venue for making a suggestion? In particular, I'd
like to
toss out there that it would be really nice to be able to export, at a
On 09/04/2013 07:51 AM, Martin Kosek wrote:
Ah, ok. One of the reasons why I was poking to this thread is exactly this
ticket. It does not contain much information _what exactly_ is making IPA
performance poor - whether it is missing indices (which ones?) or some issue
in IPA plugins during
It was our opinion that it wasn't an index issue. I cleared the logs from the
IPA server, and then just ran a JIRA sync with the server. I gave Rich the log
file from my IPA for that sync. I can't find the exact conversation, but we
determined that JIRA was connecting to LDAP some 1000 times
On 09/04/2013 07:58 AM, John Moyer wrote:
It was our opinion that it wasn't an index issue. I cleared the logs
from the IPA server, and then just ran a JIRA sync with the server. I
gave Rich the log file from my IPA for that sync. I can't find the
exact conversation, but we determined that
You may want to check out the sss_cache package in the sssd-tools package. It
looks to be in the base channel for RHEL5 Server and optional channel for RHEL6
Server. This tool will allow you to invalidate/manipulate the sssd cache.
-Chris
- Original Message -
From:
Hi,
We have a freeipa server (RedHat 6.3, freeipa:3.0.0-26) and freeipa
client (RedHat 5.9, freeipa client 2.1.3.-5) working in our test testing
scenario without further problems. We are able to use SUDO, HBAC etc.
Our problem is when we change a user info (Name or Last Name) and check
it using
I am experiencing some long execution times, and I'm wondering if anyone
can give me some insight.
We are running FreeIPA 3.0.0-26 on Redhat 6.1. We have multimaster
replication running among 4 hosts. We have approv 100 users, 25 usergroups
and hostgroups, and approx 2000 hosts in a single
On 09/04/2013 12:18 PM, Terry Soucy wrote:
I am experiencing some long execution times, and I'm wondering if
anyone can give me some insight.
We are running FreeIPA 3.0.0-26 on Redhat 6.1. We have multimaster
replication running among 4 hosts. We have approv 100 users, 25
usergroups and
I have the radius.schema file how do I add that into my ldap schema on IPA
server.
I see several ldif files /etc/dirsrv/instance/schema but they are ldif
files
If I can extend my schema integration to free radius should be easy.
Thank you.
radius.schema
Description: Binary data
On 09/04/2013 05:41 PM, Jason Prouty wrote:
I have the radius.schema file how do I add that into my ldap schema on
IPA server.
I see several ldif files /etc/dirsrv/instance/schema but they are ldif
files
If I can extend my schema integration to free radius should be easy.
Is there a
This is the AV-Pair I would like to implement to pass back to radius.
dn: cn=priv-15,ou=cisco,ou=radius,dc=example,dc=com
objectClass: radiusObjectProfile
objectClass: radiusprofile
cn: priv-15
radiusReplyItem: cisco-avpair = shell:priv-lvl=15
-Original Message-
From: John Dennis
23 matches
Mail list logo