[ovirt-users] slow kerberos authentication
Fabrice Bacchella
fabrice.bacchella at orange.fr
Fri May 12 12:44:22 UTC 2017
Ok, I found where it's slow, it's a ldapsearch on our AD:
time ldapsearch -a never -E pr=100/noprompt -H ldap://ad1 -b DC=... -s sub '(&(groupType:1.2.840.113556.1.4.803:=2147483648)(&(objectCategory=group)(member:1.2.840.113556.1.4.1941:=userdn)))' objectGUID name description
# numResponses: 70
# numEntries: 66
# numReferences: 3
real 0m10.801s
user 0m0.007s
sys 0m0.012s
That matches the log line:
2017-05-12 14:22:17,413+02 DEBUG [org.ovirt.engineextensions.aaa.ldap.Framework] (pool-25-thread-2) [] Performing SearchRequest 'SearchRequest(baseDN='...', scope=SUB, deref=NEVER, sizeLimit=0, timeLimit=0, filter='&(objectCategory=group)(groupType:1.2.840.113556.1.4.803:=2147483648)(member:1.2.840.113556.1.4.1941:=...)', attrs={objectGUID, name, description}, controls={SimplePagedResultsControl(pageSize=100, isCritical=false)})' request on server '...'
2017-05-12 14:22:24,456+02 DEBUG [org.ovirt.engineextensions.aaa.ldap.Framework] (pool-25-thread-1) [] SearchResult: SearchResult(resultCode=0 (success), messageID=3, entriesReturned=66, referencesReturned=0, responseControls={SimplePagedResultsControl(pageSize=0, isCritical=false)})
And without 1.2.840.113556.1.4.1941
# numResponses: 54
# numEntries: 50
# numReferences: 3
real 0m0.051s
user 0m0.008s
sys 0m0.007s
So it's an AD problem. 1.2.840.113556.1.4.1941 make it slow, but without it, the result is not the same. But I don't know if it's an AD or ovirt problem. I'll keep investigating.
Thank's for your help.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users/attachments/20170512/1fd3856d/attachment.html>
More information about the Users
mailing list