Bug 731747 - Offline actions take a very long time
Summary: Offline actions take a very long time
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: sssd
Version: 15
Hardware: All
OS: Linux
unspecified
high
Target Milestone: ---
Assignee: Stephen Gallagher
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks: 767168
TreeView+ depends on / blocked
 
Reported: 2011-08-18 14:37 UTC by Orion Poplawski
Modified: 2011-12-13 12:54 UTC (History)
5 users (show)

Fixed In Version: sssd-1.5.13-1.fc15.2
Doc Type: Bug Fix
Doc Text:
Clone Of:
: 767168 (view as bug list)
Environment:
Last Closed: 2011-09-09 05:30:46 UTC


Attachments (Terms of Use)
sssd_default.log (210.33 KB, text/x-log)
2011-08-18 14:37 UTC, Orion Poplawski
no flags Details
sssd_default.log (260.12 KB, text/plain)
2011-08-19 13:22 UTC, Orion Poplawski
no flags Details


Links
System ID Priority Status Summary Last Updated
FedoraHosted SSSD 977 None None None Never

Description Orion Poplawski 2011-08-18 14:37:48 UTC
Created attachment 518884 [details]
sssd_default.log

Description of problem:

This is a laptop I keep at home.  Account provider is LDAP, that is inaccessible so I'm running off cached information.  Even after authenticating once, new authentications take a very long time.  Of particular trouble is unlocking the screen, can take 30-60 seconds or more.

I'm attaching sssd_default.log with debug 10 with the following events:

su -
su - orion
su - orion again
unlock screen

Version-Release number of selected component (if applicable):
sssd-1.5.12-1.fc15.i686

I'm trying for a configuration that will be as fast as possible in offline mode.

[sssd]
config_file_version = 2
reconnection_retries = 0
sbus_timeout = 30
services = nss, pam
domains = default
[nss]
filter_groups = root
filter_users = root
reconnection_retries = 0
[pam]
reconnection_retries = 0
[domain/default]
ldap_id_use_start_tls = True
ldap_search_base = dc=nwra,dc=com
krb5_realm = CORA.NWRA.COM
krb5_server = kerberos.cora.nwra.com
id_provider = ldap
auth_provider = krb5
chpass_provider = krb5
ldap_uri = ldap://ldap.cora.nwra.com/
krb5_kpasswd = kerberos.cora.nwra.com
cache_credentials = True
ldap_tls_cacertdir = /etc/openldap/cacerts
debug_level = 10
reconnection_retries = 0
entry_cache_timeout = 86400

Comment 1 Jakub Hrozek 2011-08-19 10:23:02 UTC
Judging by the logs you attached I strongly suspect an issue we fixed upstream but haven't released yet. 

Can you test this scratch build to see if it fixes the problem?

http://koji.fedoraproject.org/koji/taskinfo?taskID=3285659

Comment 2 Orion Poplawski 2011-08-19 13:22:19 UTC
Created attachment 519036 [details]
sssd_default.log

That seems a lot better.  su - orion still strikes me as too slow, but I'm not sure it is still a sssd issue at this point.  Attaching updated logs.

Comment 3 Jakub Hrozek 2011-08-19 15:22:25 UTC
The only timeout I see now is 6 seconds between issuing the LDAP search and giving up. 

In the logs I see that the server is resolvable but not reachable, so SSSD tried to connect every time it retries online operation.unusual.

The timeout can be set using "ldap_network_timeout" option.

Comment 4 Orion Poplawski 2011-08-23 15:50:52 UTC
Thanks, I'll poke around more.  Any chance we'll see F15 and F14 updates soon?

Comment 5 Fedora Update System 2011-08-30 11:57:52 UTC
sssd-1.5.13-1.fc15.1, evolution-mapi-3.0.2-2.fc15.1, certmonger-0.45-1.fc15.1, openchange-0.9-18.fc15.1, samba4-4.0.0-25.alpha11.fc15.4, libldb-1.0.0-3.fc15, libtevent-0.9.13-1.fc15 has been submitted as an update for Fedora 15.
https://admin.fedoraproject.org/updates/sssd-1.5.13-1.fc15.1,evolution-mapi-3.0.2-2.fc15.1,certmonger-0.45-1.fc15.1,openchange-0.9-18.fc15.1,samba4-4.0.0-25.alpha11.fc15.4,libldb-1.0.0-3.fc15,libtevent-0.9.13-1.fc15

Comment 6 Fedora Update System 2011-08-31 01:40:20 UTC
Package sssd-1.5.13-1.fc15.1, evolution-mapi-3.0.2-2.fc15.1, certmonger-0.45-1.fc15.1, openchange-0.9-18.fc15.1, libldb-1.0.0-3.fc15, libtevent-0.9.13-1.fc15, samba4-4.0.0-25.alpha11.fc15.5:
* should fix your issue,
* was pushed to the Fedora 15 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing sssd-1.5.13-1.fc15.1 evolution-mapi-3.0.2-2.fc15.1 certmonger-0.45-1.fc15.1 openchange-0.9-18.fc15.1 libldb-1.0.0-3.fc15 libtevent-0.9.13-1.fc15 samba4-4.0.0-25.alpha11.fc15.5'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/sssd-1.5.13-1.fc15.1,evolution-mapi-3.0.2-2.fc15.1,certmonger-0.45-1.fc15.1,openchange-0.9-18.fc15.1,samba4-4.0.0-25.alpha11.fc15.5,libldb-1.0.0-3.fc15,libtevent-0.9.13-1.fc15
then log in and leave karma (feedback).

Comment 7 Fedora Update System 2011-09-07 00:27:25 UTC
Package sssd-1.5.13-1.fc15.2, openchange-0.9-18.fc15.2, evolution-mapi-3.0.2-2.fc15.1, certmonger-0.45-1.fc15.1, libldb-1.0.0-3.fc15, libtevent-0.9.13-1.fc15, samba4-4.0.0-25.alpha11.fc15.5:
* should fix your issue,
* was pushed to the Fedora 15 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing sssd-1.5.13-1.fc15.2 openchange-0.9-18.fc15.2 evolution-mapi-3.0.2-2.fc15.1 certmonger-0.45-1.fc15.1 libldb-1.0.0-3.fc15 libtevent-0.9.13-1.fc15 samba4-4.0.0-25.alpha11.fc15.5'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/sssd-1.5.13-1.fc15.2,evolution-mapi-3.0.2-2.fc15.1,certmonger-0.45-1.fc15.1,openchange-0.9-18.fc15.2,samba4-4.0.0-25.alpha11.fc15.5,libldb-1.0.0-3.fc15,libtevent-0.9.13-1.fc15
then log in and leave karma (feedback).

Comment 8 Fedora Update System 2011-09-09 05:30:26 UTC
sssd-1.5.13-1.fc15.2, openchange-0.9-18.fc15.2, certmonger-0.45-1.fc15.1, libldb-1.0.0-3.fc15, libtevent-0.9.13-1.fc15, samba4-4.0.0-25.alpha11.fc15.5, evolution-mapi-3.0.3-2.fc15, evolution-exchange-3.0.3-1.fc15, evolution-3.0.3-1.fc15, evolution-data-server-3.0.3-1.fc15, gtkhtml3-4.0.2-1.fc15 has been pushed to the Fedora 15 stable repository.  If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.