[Freeipa-users] Slow ipa performance -- why so many ldap lookups ?
Jakub Hrozek
jhrozek at redhat.com
Fri Apr 5 12:36:54 UTC 2013
On Fri, Apr 05, 2013 at 02:00:58PM +0200, Jan-Frode Myklebust wrote:
> On Fri, Mar 22, 2013 at 06:43:07PM +0100, Jan-Frode Myklebust wrote:
> >
> > >
> > > Does the problem go away if you set:
> > > selinux_provider = none
>
> Sorry, no. Also the "No SELinux user maps found!" didn't go away.
>
> At "Apr 5 13:46:22" I was denied access again by pam_access, and then
> seconds later I could log in:
>
> Apr 5 13:46:22 ipa2 sshd[15417]: pam_access(sshd:account): access denied for user `janfrode' from `login2.example.com'
> Apr 5 13:46:29 ipa2 sshd[15423]: pam_unix(sshd:session): session opened for user janfrode by (uid=0)
> Apr 5 13:46:33 ipa2 su: pam_unix(su-l:session): session opened for user root by janfrode(uid=15019)
>
> debug=6 logs attached. Any other suggestions?
It's still the same error. I would expect not to see this function:
[sssd[be[example]]] [ipa_get_selinux_send] (0x0400): Retrieving SELinux user mapping
being called at all if selinux_provider is set to none.
I will test this case locally again with the same version as you do. A
definite workaround would be to create the SELinux config object on the
server side.
More information about the Freeipa-users
mailing list