Bug 731747

Summary: Offline actions take a very long time
Product: [Fedora] Fedora Reporter: Orion Poplawski <orion>
Component: sssdAssignee: Stephen Gallagher <sgallagh>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high Docs Contact:
Priority: unspecified    
Version: 15CC: eparis, jhrozek, sbose, sgallagh, ssorce
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: sssd-1.5.13-1.fc15.2 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 767168 (view as bug list) Environment:
Last Closed: 2011-09-09 05:30:46 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On:    
Bug Blocks: 767168    
Attachments:
Description Flags
sssd_default.log
none
sssd_default.log none

Description Orion Poplawski 2011-08-18 14:37:48 UTC 
Created attachment 518884 [details]
sssd_default.log

Description of problem:

This is a laptop I keep at home.  Account provider is LDAP, that is inaccessible so I'm running off cached information.  Even after authenticating once, new authentications take a very long time.  Of particular trouble is unlocking the screen, can take 30-60 seconds or more.

I'm attaching sssd_default.log with debug 10 with the following events:

su -
su - orion
su - orion again
unlock screen

Version-Release number of selected component (if applicable):
sssd-1.5.12-1.fc15.i686

I'm trying for a configuration that will be as fast as possible in offline mode.

[sssd]
config_file_version = 2
reconnection_retries = 0
sbus_timeout = 30
services = nss, pam
domains = default
[nss]
filter_groups = root
filter_users = root
reconnection_retries = 0
[pam]
reconnection_retries = 0
[domain/default]
ldap_id_use_start_tls = True
ldap_search_base = dc=nwra,dc=com
krb5_realm = CORA.NWRA.COM
krb5_server = kerberos.cora.nwra.com
id_provider = ldap
auth_provider = krb5
chpass_provider = krb5
ldap_uri = ldap://ldap.cora.nwra.com/
krb5_kpasswd = kerberos.cora.nwra.com
cache_credentials = True
ldap_tls_cacertdir = /etc/openldap/cacerts
debug_level = 10
reconnection_retries = 0
entry_cache_timeout = 86400
Comment 1 Jakub Hrozek 2011-08-19 10:23:02 UTC 
Judging by the logs you attached I strongly suspect an issue we fixed upstream but haven't released yet. 

Can you test this scratch build to see if it fixes the problem?

http://koji.fedoraproject.org/koji/taskinfo?taskID=3285659
Comment 2 Orion Poplawski 2011-08-19 13:22:19 UTC 
Created attachment 519036 [details]
sssd_default.log

That seems a lot better.  su - orion still strikes me as too slow, but I'm not sure it is still a sssd issue at this point.  Attaching updated logs.
Comment 3 Jakub Hrozek 2011-08-19 15:22:25 UTC 
The only timeout I see now is 6 seconds between issuing the LDAP search and giving up. 

In the logs I see that the server is resolvable but not reachable, so SSSD tried to connect every time it retries online operation.unusual.

The timeout can be set using "ldap_network_timeout" option.
Comment 4 Orion Poplawski 2011-08-23 15:50:52 UTC 
Thanks, I'll poke around more.  Any chance we'll see F15 and F14 updates soon?
Comment 5 Fedora Update System 2011-08-30 11:57:52 UTC 
sssd-1.5.13-1.fc15.1, evolution-mapi-3.0.2-2.fc15.1, certmonger-0.45-1.fc15.1, openchange-0.9-18.fc15.1, samba4-4.0.0-25.alpha11.fc15.4, libldb-1.0.0-3.fc15, libtevent-0.9.13-1.fc15 has been submitted as an update for Fedora 15.
https://admin.fedoraproject.org/updates/sssd-1.5.13-1.fc15.1,evolution-mapi-3.0.2-2.fc15.1,certmonger-0.45-1.fc15.1,openchange-0.9-18.fc15.1,samba4-4.0.0-25.alpha11.fc15.4,libldb-1.0.0-3.fc15,libtevent-0.9.13-1.fc15
Comment 6 Fedora Update System 2011-08-31 01:40:20 UTC 
Package sssd-1.5.13-1.fc15.1, evolution-mapi-3.0.2-2.fc15.1, certmonger-0.45-1.fc15.1, openchange-0.9-18.fc15.1, libldb-1.0.0-3.fc15, libtevent-0.9.13-1.fc15, samba4-4.0.0-25.alpha11.fc15.5:
* should fix your issue,
* was pushed to the Fedora 15 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing sssd-1.5.13-1.fc15.1 evolution-mapi-3.0.2-2.fc15.1 certmonger-0.45-1.fc15.1 openchange-0.9-18.fc15.1 libldb-1.0.0-3.fc15 libtevent-0.9.13-1.fc15 samba4-4.0.0-25.alpha11.fc15.5'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/sssd-1.5.13-1.fc15.1,evolution-mapi-3.0.2-2.fc15.1,certmonger-0.45-1.fc15.1,openchange-0.9-18.fc15.1,samba4-4.0.0-25.alpha11.fc15.5,libldb-1.0.0-3.fc15,libtevent-0.9.13-1.fc15
then log in and leave karma (feedback).
Comment 7 Fedora Update System 2011-09-07 00:27:25 UTC 
Package sssd-1.5.13-1.fc15.2, openchange-0.9-18.fc15.2, evolution-mapi-3.0.2-2.fc15.1, certmonger-0.45-1.fc15.1, libldb-1.0.0-3.fc15, libtevent-0.9.13-1.fc15, samba4-4.0.0-25.alpha11.fc15.5:
* should fix your issue,
* was pushed to the Fedora 15 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing sssd-1.5.13-1.fc15.2 openchange-0.9-18.fc15.2 evolution-mapi-3.0.2-2.fc15.1 certmonger-0.45-1.fc15.1 libldb-1.0.0-3.fc15 libtevent-0.9.13-1.fc15 samba4-4.0.0-25.alpha11.fc15.5'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/sssd-1.5.13-1.fc15.2,evolution-mapi-3.0.2-2.fc15.1,certmonger-0.45-1.fc15.1,openchange-0.9-18.fc15.2,samba4-4.0.0-25.alpha11.fc15.5,libldb-1.0.0-3.fc15,libtevent-0.9.13-1.fc15
then log in and leave karma (feedback).
Comment 8 Fedora Update System 2011-09-09 05:30:26 UTC 
sssd-1.5.13-1.fc15.2, openchange-0.9-18.fc15.2, certmonger-0.45-1.fc15.1, libldb-1.0.0-3.fc15, libtevent-0.9.13-1.fc15, samba4-4.0.0-25.alpha11.fc15.5, evolution-mapi-3.0.3-2.fc15, evolution-exchange-3.0.3-1.fc15, evolution-3.0.3-1.fc15, evolution-data-server-3.0.3-1.fc15, gtkhtml3-4.0.2-1.fc15 has been pushed to the Fedora 15 stable repository.  If problems still persist, please make note of it in this bug report.