Bug 731747
Summary: | Offline actions take a very long time | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Orion Poplawski <orion> | ||||||
Component: | sssd | Assignee: | Stephen Gallagher <sgallagh> | ||||||
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||||
Severity: | high | Docs Contact: | |||||||
Priority: | unspecified | ||||||||
Version: | 15 | CC: | eparis, jhrozek, sbose, sgallagh, ssorce | ||||||
Target Milestone: | --- | ||||||||
Target Release: | --- | ||||||||
Hardware: | All | ||||||||
OS: | Linux | ||||||||
Whiteboard: | |||||||||
Fixed In Version: | sssd-1.5.13-1.fc15.2 | Doc Type: | Bug Fix | ||||||
Doc Text: | Story Points: | --- | |||||||
Clone Of: | |||||||||
: | 767168 (view as bug list) | Environment: | |||||||
Last Closed: | 2011-09-09 05:30:46 UTC | Type: | --- | ||||||
Regression: | --- | Mount Type: | --- | ||||||
Documentation: | --- | CRM: | |||||||
Verified Versions: | Category: | --- | |||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||
Embargoed: | |||||||||
Bug Depends On: | |||||||||
Bug Blocks: | 767168 | ||||||||
Attachments: |
|
Judging by the logs you attached I strongly suspect an issue we fixed upstream but haven't released yet. Can you test this scratch build to see if it fixes the problem? http://koji.fedoraproject.org/koji/taskinfo?taskID=3285659 Created attachment 519036 [details]
sssd_default.log
That seems a lot better. su - orion still strikes me as too slow, but I'm not sure it is still a sssd issue at this point. Attaching updated logs.
The only timeout I see now is 6 seconds between issuing the LDAP search and giving up. In the logs I see that the server is resolvable but not reachable, so SSSD tried to connect every time it retries online operation.unusual. The timeout can be set using "ldap_network_timeout" option. Thanks, I'll poke around more. Any chance we'll see F15 and F14 updates soon? sssd-1.5.13-1.fc15.1, evolution-mapi-3.0.2-2.fc15.1, certmonger-0.45-1.fc15.1, openchange-0.9-18.fc15.1, samba4-4.0.0-25.alpha11.fc15.4, libldb-1.0.0-3.fc15, libtevent-0.9.13-1.fc15 has been submitted as an update for Fedora 15. https://admin.fedoraproject.org/updates/sssd-1.5.13-1.fc15.1,evolution-mapi-3.0.2-2.fc15.1,certmonger-0.45-1.fc15.1,openchange-0.9-18.fc15.1,samba4-4.0.0-25.alpha11.fc15.4,libldb-1.0.0-3.fc15,libtevent-0.9.13-1.fc15 Package sssd-1.5.13-1.fc15.1, evolution-mapi-3.0.2-2.fc15.1, certmonger-0.45-1.fc15.1, openchange-0.9-18.fc15.1, libldb-1.0.0-3.fc15, libtevent-0.9.13-1.fc15, samba4-4.0.0-25.alpha11.fc15.5: * should fix your issue, * was pushed to the Fedora 15 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing sssd-1.5.13-1.fc15.1 evolution-mapi-3.0.2-2.fc15.1 certmonger-0.45-1.fc15.1 openchange-0.9-18.fc15.1 libldb-1.0.0-3.fc15 libtevent-0.9.13-1.fc15 samba4-4.0.0-25.alpha11.fc15.5' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/sssd-1.5.13-1.fc15.1,evolution-mapi-3.0.2-2.fc15.1,certmonger-0.45-1.fc15.1,openchange-0.9-18.fc15.1,samba4-4.0.0-25.alpha11.fc15.5,libldb-1.0.0-3.fc15,libtevent-0.9.13-1.fc15 then log in and leave karma (feedback). Package sssd-1.5.13-1.fc15.2, openchange-0.9-18.fc15.2, evolution-mapi-3.0.2-2.fc15.1, certmonger-0.45-1.fc15.1, libldb-1.0.0-3.fc15, libtevent-0.9.13-1.fc15, samba4-4.0.0-25.alpha11.fc15.5: * should fix your issue, * was pushed to the Fedora 15 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing sssd-1.5.13-1.fc15.2 openchange-0.9-18.fc15.2 evolution-mapi-3.0.2-2.fc15.1 certmonger-0.45-1.fc15.1 libldb-1.0.0-3.fc15 libtevent-0.9.13-1.fc15 samba4-4.0.0-25.alpha11.fc15.5' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/sssd-1.5.13-1.fc15.2,evolution-mapi-3.0.2-2.fc15.1,certmonger-0.45-1.fc15.1,openchange-0.9-18.fc15.2,samba4-4.0.0-25.alpha11.fc15.5,libldb-1.0.0-3.fc15,libtevent-0.9.13-1.fc15 then log in and leave karma (feedback). sssd-1.5.13-1.fc15.2, openchange-0.9-18.fc15.2, certmonger-0.45-1.fc15.1, libldb-1.0.0-3.fc15, libtevent-0.9.13-1.fc15, samba4-4.0.0-25.alpha11.fc15.5, evolution-mapi-3.0.3-2.fc15, evolution-exchange-3.0.3-1.fc15, evolution-3.0.3-1.fc15, evolution-data-server-3.0.3-1.fc15, gtkhtml3-4.0.2-1.fc15 has been pushed to the Fedora 15 stable repository. If problems still persist, please make note of it in this bug report. |
Created attachment 518884 [details] sssd_default.log Description of problem: This is a laptop I keep at home. Account provider is LDAP, that is inaccessible so I'm running off cached information. Even after authenticating once, new authentications take a very long time. Of particular trouble is unlocking the screen, can take 30-60 seconds or more. I'm attaching sssd_default.log with debug 10 with the following events: su - su - orion su - orion again unlock screen Version-Release number of selected component (if applicable): sssd-1.5.12-1.fc15.i686 I'm trying for a configuration that will be as fast as possible in offline mode. [sssd] config_file_version = 2 reconnection_retries = 0 sbus_timeout = 30 services = nss, pam domains = default [nss] filter_groups = root filter_users = root reconnection_retries = 0 [pam] reconnection_retries = 0 [domain/default] ldap_id_use_start_tls = True ldap_search_base = dc=nwra,dc=com krb5_realm = CORA.NWRA.COM krb5_server = kerberos.cora.nwra.com id_provider = ldap auth_provider = krb5 chpass_provider = krb5 ldap_uri = ldap://ldap.cora.nwra.com/ krb5_kpasswd = kerberos.cora.nwra.com cache_credentials = True ldap_tls_cacertdir = /etc/openldap/cacerts debug_level = 10 reconnection_retries = 0 entry_cache_timeout = 86400