Re: [ovirt-users] oVirt 3.6.1 with FreeIPA Auth domain performance

Ondra, Thanks again. You've definitely saved me from spending too much time going down a bunny hole. -- Justin On Fri, Jan 22, 2016 at 4:35 AM, Ondra Machacek <omachace(a)redhat.com&gt; wrote: > Hi, > > the best thing you can do is to migrate to new AAA ldap[1], > as anyway you will have to do so in 4.0, as manage-domains > will be removed, so I think better invest time to migration, > then to searching for root cause. We will be happy to help > you with migration. You can also try migration tool[2]. > > Ondra > > [1] > https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=b... > [2] > https://github.com/machacekondra/ovirt-engine-kerbldap-migration/releases > > > On 01/22/2016 09:37 AM, Justin Bushey wrote: > >> Hello, >> >> I just wanted to see if anyone else has seen issues with using FreeIPA >> as an authentication domain with oVirt 3.6.1. Specifically, I'm seeing >> extremely slow performance when authenticating as an IPA user, between >> 5-10 minutes to get logged into the UI. On the KDC side I'm seeing >> ticket requests from the oVirt host, which succeed and are repeated. >> Eventually authentication succeeds to the Web UI. >> >> The IPA domain was added using `engine-manage-domains` with the IPA >> provider option. I could configure direct LDAP authentication if >> absolutely need be, but this is really bugging me. >> >> Google hasn't turned up any similar issues so I wanted to check if >> anyone else has seen anything like this. I can post logs tomorrow if >> anyone wants to assist me in troubleshooting ;) >> >> Thanks, >> >> Justin Bushey >> InfoRelay Online Systems, Inc. >> >> >> _______________________________________________ >> Users mailing list >> Users(a)ovirt.org >> http://lists.ovirt.org/mailman/listinfo/users >> >> _______________________________________________ Users mailing list Users(a)ovirt.org http://lists.ovirt.org/mailman/listinfo/users