<div dir="ltr">Ondra,<div><br></div><div>Thanks again. You've definitely saved me from spending too much time going down a bunny hole.</div><div><br></div><div>-- Justin</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Jan 22, 2016 at 4:35 AM, Ondra Machacek <span dir="ltr"><<a href="mailto:omachace@redhat.com" target="_blank">omachace@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi,<br>
<br>
the best thing you can do is to migrate to new AAA ldap[1],<br>
as anyway you will have to do so in 4.0, as manage-domains<br>
will be removed, so I think better invest time to migration,<br>
then to searching for root cause. We will be happy to help<br>
you with migration. You can also try migration tool[2].<br>
<br>
Ondra<br>
<br>
[1] <a href="https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;f=README" rel="noreferrer" target="_blank">https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;f=README</a><br>
[2] <a href="https://github.com/machacekondra/ovirt-engine-kerbldap-migration/releases" rel="noreferrer" target="_blank">https://github.com/machacekondra/ovirt-engine-kerbldap-migration/releases</a><div><div class="h5"><br>
<br>
On 01/22/2016 09:37 AM, Justin Bushey wrote:<br>
</div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div class="h5">
Hello,<br>
<br>
I just wanted to see if anyone else has seen issues with using FreeIPA<br>
as an authentication domain with oVirt 3.6.1. Specifically, I'm seeing<br>
extremely slow performance when authenticating as an IPA user, between<br>
5-10 minutes to get logged into the UI. On the KDC side I'm seeing<br>
ticket requests from the oVirt host, which succeed and are repeated.<br>
Eventually authentication succeeds to the Web UI.<br>
<br>
The IPA domain was added using `engine-manage-domains` with the IPA<br>
provider option. I could configure direct LDAP authentication if<br>
absolutely need be, but this is really bugging me.<br>
<br>
Google hasn't turned up any similar issues so I wanted to check if<br>
anyone else has seen anything like this. I can post logs tomorrow if<br>
anyone wants to assist me in troubleshooting ;)<br>
<br>
Thanks,<br>
<br>
Justin Bushey<br>
InfoRelay Online Systems, Inc.<br>
<br>
<br></div></div>
_______________________________________________<br>
Users mailing list<br>
<a href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a><br>
<a href="http://lists.ovirt.org/mailman/listinfo/users" rel="noreferrer" target="_blank">http://lists.ovirt.org/mailman/listinfo/users</a><br>
<br>
</blockquote>
</blockquote></div><br></div>