It works much better now. Goes from 6s to less than 500ms. Not blazing fast but
much more usable, thanks a lot.
> Le 12 mai 2017 à 15:58, Ondra Machacek a écrit :
>
> This is new feature in aaa-ldap tracked here[1].
> By default for AD profiles we use this feature, and it
This is new feature in aaa-ldap tracked here[1].
By default for AD profiles we use this feature, and it should
increase performance in most cases.
But if this is not the case for you, can you just try to change the profile
from:
include =
to
include =
And see if it will be better?
[1]
I found that:
http://dunnry.com/blog/TransitiveLinkValueFilterEvaluation.aspx
> Le 12 mai 2017 à 14:44, Fabrice Bacchella a
> écrit :
>
> Ok, I found where it's slow, it's a ldapsearch on our AD:
>
> time ldapsearch -a never -E pr=100/noprompt -H ldap://ad1
Ok, I found where it's slow, it's a ldapsearch on our AD:
time ldapsearch -a never -E pr=100/noprompt -H ldap://ad1 -b DC=... -s sub
'(&(groupType:1.2.840.113556.1.4.803:=2147483648)(&(objectCategory=group)(member:1.2.840.113556.1.4.1941:=userdn)))'
objectGUID name description
# numResponses:
> Le 12 mai 2017 à 13:35, Ondra Machacek a écrit :
>
>
>
> On Fri, May 12, 2017 at 1:18 PM, Fabrice Bacchella
> > wrote:
> The request is indeed quite slow within ovirt, using the setup given by Juan:
>
>
On Fri, May 12, 2017 at 1:18 PM, Fabrice Bacchella <
fabrice.bacche...@orange.fr> wrote:
> The request is indeed quite slow within ovirt, using the setup given by
> Juan:
>
> /ovirt-engine/sso/oauth/token-http-auth 7001ms
>
> I was not able to authenticate jboss-cli.sh, I don't know why:
>
The request is indeed quite slow within ovirt, using the setup given by Juan:
/ovirt-engine/sso/oauth/token-http-auth 7001ms
I was not able to authenticate jboss-cli.sh, I don't know why:
'admin@internal-authz': No valid profile found in credentials.
So I tried to modifie
On 05/12/2017 11:45 AM, Juan Hernández wrote:
> On 05/12/2017 10:04 AM, Yaniv Kaul wrote:
>>
>>
>> On May 11, 2017 8:25 PM, "Fabrice Bacchella"
>> > wrote:
>>
>> I'm using kerberos authentication in ovirt for the URL
>>
On 05/12/2017 10:04 AM, Yaniv Kaul wrote:
>
>
> On May 11, 2017 8:25 PM, "Fabrice Bacchella"
> > wrote:
>
> I'm using kerberos authentication in ovirt for the URL
> /sso/oauth/token-http-auth, but kerberos is done in
On May 11, 2017 8:25 PM, "Fabrice Bacchella"
wrote:
I'm using kerberos authentication in ovirt for the URL
/sso/oauth/token-http-auth, but kerberos is done in Apache using
auth_gssapi_module and it's quite slow, about 6s for a request.
I'm trying to understand if
I am not aware of anything, but debug log of all aaa stuff would help,
to understand what takes the most time.
- org.ovirt.engineextensions.aaa.ldap
- org.ovirt.engineextensions.aaa.misc
- org.ovirt.engine.core.aaa
- org.ovirt.engine.core.sso
To enable it in runtime, please follow:
I'm using kerberos authentication in ovirt for the URL
/sso/oauth/token-http-auth, but kerberos is done in Apache using
auth_gssapi_module and it's quite slow, about 6s for a request.
I'm trying to understand if it's apache or ovirt-engine that are slow. Is there
a way to get response time
12 matches
Mail list logo