On 08/30/2013 11:08 PM, John Moyer wrote:
> Well IPA has machine entries on some test clusters that I'm rolling IPA
> out on (20 machines maybe) but the user base is the same (about 80 ~ 100)
> accounts with maybe 40 to 50 groups?
>
> I've stood up a clone of the jira server along with IPA. I cl
Martin,
I apologize there was a large offline conversation between Rich and
myself. Rich was kind enough to help me through some of my issues. We did a
lot more tests and poking and prodding. We discovered that IPA is not as
efficient when dealing with large number of connections.
On 09/04/2013 08:01 AM, John Moyer wrote:
> Martin,
>
> I apologize there was a large offline conversation between Rich and
> myself. Rich was kind enough to help me through some of my issues.
> We did a lot more tests and poking and prodding. We discovered that
> IPA is not as efficient when
That summary is correct. The only thing I would add is that other
applications could easily bring the IPA server to it's knees as well. Our
artifact server also did many connections per sec when used, and one person
doing a build could bring IPA to it's knees as well. Also, not only would I
What's the right venue for making a suggestion? In particular, I'd like to
toss out there that it would be really nice to be able to export, at a
minimum, DNS and user data from IPA in the form of a zone file and a
passwd/shadow file pair.
I realize there might be security implications to the latt
On 09/04/2013 08:53 AM, John Moyer wrote:
> That summary is correct. The only thing I would add is that other
> applications could easily bring the IPA server to it's knees as well.
Yes this is what I meant. It is not only JIRA. Any client that creates a
lot of connections can cause problems.
Sure, just let me know what needs to be run/applied. I've already rolled back
to LDAP, so if the fix looks like it works I can then roll it out again.
Thanks,
_
John Moyer
Director, IT Operations
On Sep 4, 2013, at 9:12 AM, Dmitri Pal wrote:
On Wed, 04 Sep 2013, Dmitri Pal wrote:
On 09/04/2013 08:01 AM, John Moyer wrote:
Martin,
I apologize there was a large offline conversation between Rich and
myself. Rich was kind enough to help me through some of my issues.
We did a lot more tests and poking and prodding. We discovered tha
On 4.9.2013 15:04, Bret Wortman wrote:
What's the right venue for making a suggestion? In particular, I'd like to
toss out there that it would be really nice to be able to export, at a
minimum, DNS and user data from IPA in the form of a zone file and a
passwd/shadow file pair.
I realize there m
I guess what I was looking for was something really easy -- like a
pushbutton in the UI. I've got 20+ zones, so even doing this means
scripting to keep from missing something.
*
*
*Bret Wortman*
http://damascusgrp.com/
http://about.me/wortmanbret
On Wed, Sep 4, 2013 at 9:26 AM, Petr Spacek wr
On 09/04/2013 09:26 AM, Petr Spacek wrote:
> On 4.9.2013 15:04, Bret Wortman wrote:
>> What's the right venue for making a suggestion? In particular, I'd
>> like to
>> toss out there that it would be really nice to be able to export, at a
>> minimum, DNS and user data from IPA in the form of a zone
Hi Chris,
Thanks for your reply!I forgot to mention that we tried sss_cache
(sss_cache -u user_id and sss_cache -U) in other RH6 ipa client and it
did not work...If we delete manually all /var/lib/sss/db we can see the
change but it is not going to be a nice solution.
On 09/04/2013 09:49 AM,
On Wed, Sep 04, 2013 at 10:47:49AM -0400, Chris Hudson wrote:
> You may want to check out the sss_cache package in the sssd-tools package. It
> looks to be in the base channel for RHEL5 Server and optional channel for
> RHEL6 Server. This tool will allow you to invalidate/manipulate the sssd
> c
On Wed, Sep 04, 2013 at 10:18:13AM -0500, cbul...@gmail.com wrote:
> Hi Chris,
>
> Thanks for your reply!I forgot to mention that we tried sss_cache
> (sss_cache -u user_id and sss_cache -U) in other RH6 ipa client and it
> did not work...If we delete manually all /var/lib/sss/db we can see t
On Wed, Sep 04, 2013 at 09:40:29AM -0500, cbul...@gmail.com wrote:
> Hi,
>
> We have a freeipa server (RedHat 6.3, freeipa:3.0.0-26) and freeipa
> client (RedHat 5.9, freeipa client 2.1.3.-5) working in our test testing
> scenario without further problems. We are able to use SUDO, HBAC etc.
> Our
On Wed, Sep 04, 2013 at 05:31:34PM +0200, Jakub Hrozek wrote:
> On Wed, Sep 04, 2013 at 10:18:13AM -0500, cbul...@gmail.com wrote:
> > Hi Chris,
> >
> > Thanks for your reply!I forgot to mention that we tried sss_cache
> > (sss_cache -u user_id and sss_cache -U) in other RH6 ipa client and it
Hi Jakub,
Thanks for your time and tips about sssd cache!
I did the test and let me explain what I got:
- After step 4 I can see dataExpireTimestamp to 1 for the user.
- After step 7 dataExpireTimestamp is back to 0 but the user data have
not changed.
The first line after the command ldbsearch
Ah, ok. One of the reasons why I was poking to this thread is exactly this
ticket. It does not contain much information _what exactly_ is making IPA
performance poor - whether it is missing indices (which ones?) or some issue
in IPA plugins during binds, etc.
Without more information, we do not kn
On Wed, 2013-09-04 at 09:40 -0400, Dmitri Pal wrote:
> On 09/04/2013 09:26 AM, Petr Spacek wrote:
> > On 4.9.2013 15:04, Bret Wortman wrote:
> >> What's the right venue for making a suggestion? In particular, I'd
> >> like to
> >> toss out there that it would be really nice to be able to export, at
On 09/04/2013 07:51 AM, Martin Kosek wrote:
Ah, ok. One of the reasons why I was poking to this thread is exactly this
ticket. It does not contain much information _what exactly_ is making IPA
performance poor - whether it is missing indices (which ones?) or some issue
in IPA plugins during binds
It was our opinion that it wasn't an index issue. I cleared the logs from the
IPA server, and then just ran a JIRA sync with the server. I gave Rich the log
file from my IPA for that sync. I can't find the exact conversation, but we
determined that JIRA was connecting to LDAP some 1000 times
On 09/04/2013 07:58 AM, John Moyer wrote:
It was our opinion that it wasn't an index issue. I cleared the logs
from the IPA server, and then just ran a JIRA sync with the server. I
gave Rich the log file from my IPA for that sync. I can't find the
exact conversation, but we determined that J
s/"sss_cache package"/"sss_cache tool"
:)
- Original Message -
> From: "Chris Hudson"
> To: cbul...@gmail.com
> Cc: freeipa-users@redhat.com
> Sent: Wednesday, September 4, 2013 10:47:49 AM
> Subject: Re: [Freeipa-users] Incorrect user information
> You may want to check out the sss_
You may want to check out the sss_cache package in the sssd-tools package. It
looks to be in the base channel for RHEL5 Server and optional channel for RHEL6
Server. This tool will allow you to invalidate/manipulate the sssd cache.
-Chris
- Original Message -
> From: cbul...@gmail.co
My problems all seem to be with replication (see the threads with subjects
"Scorched earth" and "Replication woes"), and Rob has found an engineer
willing to look at log files for me. My problem is in getting the log files
over to you for analysis. The system I'm working with is on a private
networ
Hi,
We have a freeipa server (RedHat 6.3, freeipa:3.0.0-26) and freeipa
client (RedHat 5.9, freeipa client 2.1.3.-5) working in our test testing
scenario without further problems. We are able to use SUDO, HBAC etc.
Our problem is when we change a user info (Name or Last Name) and check
it using th
I am experiencing some long execution times, and I'm wondering if anyone
can give me some insight.
We are running FreeIPA 3.0.0-26 on Redhat 6.1. We have multimaster
replication running among 4 hosts. We have approv 100 users, 25 usergroups
and hostgroups, and approx 2000 hosts in a single domain
...and I tried exporting the DNS data but ended up with a bunch of files
that looked liket his:
# cat foo.net.db
; <<>> DiG 9.9.3-rl.156.01.P1-RedHat-9.9.3-3.P1.fc18 <<>> +onesoa -t AXFR
foo.net
;; global options: +cmd
; Transfer failed.
#
The logs showed:
ipamaster named[31633]: client 1.2.3.
On 09/04/2013 12:18 PM, Terry Soucy wrote:
I am experiencing some long execution times, and I'm wondering if
anyone can give me some insight.
We are running FreeIPA 3.0.0-26 on Redhat 6.1. We have multimaster
replication running among 4 hosts. We have approv 100 users, 25
usergroups and host
I have the radius.schema file how do I add that into my ldap schema on IPA
server.
I see several ldif files /etc/dirsrv//schema but they are ldif
files
If I can extend my schema integration to free radius should be easy.
Thank you.
radius.schema
Description: Binary data
On 09/04/2013 05:41 PM, Jason Prouty wrote:
> I have the radius.schema file how do I add that into my ldap schema on
> IPA server.
>
> I see several ldif files /etc/dirsrv//schema but they are ldif
> files
>
>
>
> If I can extend my schema integration to free radius should be easy.
Is there a
This is the AV-Pair I would like to implement to pass back to radius.
dn: cn=priv-15,ou=cisco,ou=radius,dc=example,dc=com
objectClass: radiusObjectProfile
objectClass: radiusprofile
cn: priv-15
radiusReplyItem: cisco-avpair = "shell:priv-lvl=15"
-Original Message-
From: John Dennis [mail
On 09/05/2013 12:38 AM, Jason Prouty wrote:
> This is the AV-Pair I would like to implement to pass back to radius.
>
>
> dn: cn=priv-15,ou=cisco,ou=radius,dc=example,dc=com
> objectClass: radiusObjectProfile
> objectClass: radiusprofile
> cn: priv-15
> radiusReplyItem: cisco-avpair = "shell:priv-l
On 4.9.2013 20:23, Bret Wortman wrote:
...and I tried exporting the DNS data but ended up with a bunch of files
that looked liket his:
# cat foo.net.db
; <<>> DiG 9.9.3-rl.156.01.P1-RedHat-9.9.3-3.P1.fc18 <<>> +onesoa -t AXFR
foo.net
;; global options: +cmd
; Transfer failed.
#
The logs showed
34 matches
Mail list logo
