[ovirt-users] oVirt 3.6.1 with FreeIPA Auth domain performance

Donny Davis donny at cloudspin.me
Sat Jan 23 04:29:42 UTC 2016 

I use Freeipa without issue on AAA Ldap....

Here is a simple write up that may help you understand how aaa ldap works.
This is out dated, so don't just copy and paste.... however it will help
you get the gist

https://ipv6cloud.wordpress.com/2014/12/16/ovirt-simple-ldap-aaa/

On Fri, Jan 22, 2016 at 2:08 PM, Justin Bushey <jbushey at inforelay.com>
wrote:

> Ondra,
>
> Thanks again. You've definitely saved me from spending too much time going
> down a bunny hole.
>
> -- Justin
>
> On Fri, Jan 22, 2016 at 4:35 AM, Ondra Machacek <omachace at redhat.com>
> wrote:
>
>> Hi,
>>
>> the best thing you can do is to migrate to new AAA ldap[1],
>> as anyway you will have to do so in 4.0, as manage-domains
>> will be removed, so I think better invest time to migration,
>> then to searching for root cause. We will be happy to help
>> you with migration. You can also try migration tool[2].
>>
>> Ondra
>>
>> [1]
>> https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;f=README
>> [2]
>> https://github.com/machacekondra/ovirt-engine-kerbldap-migration/releases
>>
>>
>> On 01/22/2016 09:37 AM, Justin Bushey wrote:
>>
>>> Hello,
>>>
>>> I just wanted to see if anyone else has seen issues with using FreeIPA
>>> as an authentication domain with oVirt 3.6.1. Specifically, I'm seeing
>>> extremely slow performance when authenticating as an IPA user, between
>>> 5-10 minutes to get logged into the UI. On the KDC side I'm seeing
>>> ticket requests from the oVirt host, which succeed and are repeated.
>>> Eventually authentication succeeds to the Web UI.
>>>
>>> The IPA domain was added using `engine-manage-domains` with the IPA
>>> provider option. I could configure direct LDAP authentication if
>>> absolutely need be, but this is really bugging me.
>>>
>>> Google hasn't turned up any similar issues so I wanted to check if
>>> anyone else has seen anything like this. I can post logs tomorrow if
>>> anyone wants to assist me in troubleshooting ;)
>>>
>>> Thanks,
>>>
>>> Justin Bushey
>>> InfoRelay Online Systems, Inc.
>>>
>>>
>>> _______________________________________________
>>> Users mailing list
>>> Users at ovirt.org
>>> http://lists.ovirt.org/mailman/listinfo/users
>>>
>>>
>
> _______________________________________________
> Users mailing list
> Users at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>
>


-- 
Donny Davis
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users/attachments/20160122/5467db5a/attachment-0001.html>

More information about the Users mailing list