It works much better now. Goes from 6s to less than 500ms. Not blazing fast but much more usable, thanks a lot.
> Le 12 mai 2017 à 15:58, Ondra Machacek <omach...@redhat.com> a écrit : > > This is new feature in aaa-ldap tracked here[1]. > By default for AD profiles we use this feature, and it should > increase performance in most cases. > > But if this is not the case for you, can you just try to change the profile > from: > > include = <ad.properties> > > to > > include = <ad-recursive.properties> > > And see if it will be better? > > [1] https://bugzilla.redhat.com/show_bug.cgi?id=1393407 > <https://bugzilla.redhat.com/show_bug.cgi?id=1393407> > > On Fri, May 12, 2017 at 2:54 PM, Fabrice Bacchella > <fabrice.bacche...@orange.fr <mailto:fabrice.bacche...@orange.fr>> wrote: > I found that: > > http://dunnry.com/blog/TransitiveLinkValueFilterEvaluation.aspx > <http://dunnry.com/blog/TransitiveLinkValueFilterEvaluation.aspx> > > >> Le 12 mai 2017 à 14:44, Fabrice Bacchella <fabrice.bacche...@orange.fr >> <mailto:fabrice.bacche...@orange.fr>> a écrit : >> >> Ok, I found where it's slow, it's a ldapsearch on our AD: >> >> time ldapsearch -a never -E pr=100/noprompt -H ldap://ad1 <> -b DC=... -s >> sub '(&(groupType:1.2.840.113556.1.4.803:=2147483648 >> <tel:(214)%20748-3648>)(&(objectCategory=group)(member:1.2.840.113556.1.4.1941:=userdn)))' >> objectGUID name description >> >> # numResponses: 70 >> # numEntries: 66 >> # numReferences: 3 >> >> real 0m10.801s >> user 0m0.007s >> sys 0m0.012s >> >> That matches the log line: >> 2017-05-12 14:22:17,413+02 DEBUG >> [org.ovirt.engineextensions.aaa.ldap.Framework] (pool-25-thread-2) [] >> Performing SearchRequest 'SearchRequest(baseDN='...', scope=SUB, >> deref=NEVER, sizeLimit=0, timeLimit=0, >> filter='&(objectCategory=group)(groupType:1.2.840.113556.1.4.803:=2147483648)(member:1.2.840.113556.1.4.1941:=...)', >> attrs={objectGUID, name, description}, >> controls={SimplePagedResultsControl(pageSize=100, isCritical=false)})' >> request on server '...' >> 2017-05-12 14:22:24,456+02 DEBUG >> [org.ovirt.engineextensions.aaa.ldap.Framework] (pool-25-thread-1) [] >> SearchResult: SearchResult(resultCode=0 (success), messageID=3, >> entriesReturned=66, referencesReturned=0, >> responseControls={SimplePagedResultsControl(pageSize=0, isCritical=false)}) >> >> >> And without 1.2.840.113556.1.4.1941 >> >> # numResponses: 54 >> # numEntries: 50 >> # numReferences: 3 >> >> real 0m0.051s >> user 0m0.008s >> sys 0m0.007s >> >> So it's an AD problem. 1.2.840.113556.1.4.1941 make it slow, but without it, >> the result is not the same. But I don't know if it's an AD or ovirt problem. >> I'll keep investigating. >> >> Thank's for your help. >> _______________________________________________ >> Users mailing list >> Users@ovirt.org <mailto:Users@ovirt.org> >> http://lists.ovirt.org/mailman/listinfo/users >> <http://lists.ovirt.org/mailman/listinfo/users> > > > _______________________________________________ > Users mailing list > Users@ovirt.org > http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
