[Freeipa-users] Slowdowns in freeIPA 2.2.0

Loris Santamaria loris at lgs.com.ve
Fri Jul 13 15:46:34 UTC 2012 

I have this test server with 8.000 entries, recently upgraded from 2.1.3
to 2.2.0 and I'm seeing some big slowdowns and I would like to know
where to look to debug them. The server is centos 6.3 with
ipa-server-2.2.0-16.el6.x86_64 and 389-ds-base-1.2.10.2-20.el6_3.x86_64

First of all in 2.2.0 ldapsearch with "-Y GSSAPI" is much slower than
using plain autentication:

# time ldapsearch -x uid=bdteg01662 dn
# extended LDIF
#
# LDAPv3
# base <dc=xxx,dc=gob,dc=ve> (default) with scope subtree
# filter: uid=bdteg01662
# requesting: dn 
#

# bdteg01662, users, accounts, xxx.gob.ve
dn: uid=bdteg01662,cn=users,cn=accounts,dc=xxx,dc=gob,dc=ve

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

real	0m0.006s
user	0m0.001s
sys	0m0.003s

# time ldapsearch -Y GSSAPI uid=bdteg01662 dn
SASL/GSSAPI authentication started
SASL username: admin at XXX.GOB.VE
SASL SSF: 56
SASL data security layer installed.
# extended LDIF
#
# LDAPv3
# base <dc=xxx,dc=gob,dc=ve> (default) with scope subtree
# filter: uid=bdteg01662
# requesting: dn 
#

# bdteg01662, users, accounts, xxx.gob.ve
dn: uid=bdteg01662,cn=users,cn=accounts,dc=xxx,dc=gob,dc=ve

# search result
search: 4
result: 0 Success

# numResponses: 2
# numEntries: 1

real	0m2.344s
user	0m0.007s
sys	0m0.005s

As a consequence of this all of the ipa commands run a bit slow. But the
real slowdown is in the web interface, every search is terribly slow and
any search that returns more than 4 or 5 entries never completes, it
shows a dialogue that says just "Unknown error". In the dirsrv access
logs I see that the search completes in a short time and the apache
error log doesn't show any error whatsoever.

Note this is a test system, there are no other users of this server, and
the compat plugin is disabled.

-- 
Loris Santamaria   linux user #70506   xmpp:loris at lgs.com.ve
Links Global Services, C.A.            http://www.lgs.com.ve
Tel: 0286 952.06.87  Cel: 0414 095.00.10  sip:103 at lgs.com.ve
------------------------------------------------------------
"If I'd asked my customers what they wanted, they'd have said
a faster horse" - Henry Ford
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 6187 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20120713/ddc02307/attachment.bin>

More information about the Freeipa-users mailing list