[ovirt-users] slow kerberos authentication

Fabrice Bacchella fabrice.bacchella at orange.fr
Fri May 12 12:54:14 UTC 2017


I found that:

http://dunnry.com/blog/TransitiveLinkValueFilterEvaluation.aspx


> On 12 May 2017 at 14:44, Fabrice Bacchella <fabrice.bacchella at orange.fr> wrote:
> 
> Ok, I found where it's slow, it's a ldapsearch on our AD:
> 
> time ldapsearch -a never -E pr=100/noprompt -H ldap://ad1 -b DC=... -s sub '(&(groupType:1.2.840.113556.1.4.803:=2147483648)(&(objectCategory=group)(member:1.2.840.113556.1.4.1941:=userdn)))' objectGUID name description
> 
> # numResponses: 70
> # numEntries: 66
> # numReferences: 3
> 
> real	0m10.801s
> user	0m0.007s
> sys	0m0.012s
> 
> That matches the log line:
> 2017-05-12 14:22:17,413+02 DEBUG [org.ovirt.engineextensions.aaa.ldap.Framework] (pool-25-thread-2) [] Performing SearchRequest 'SearchRequest(baseDN='...', scope=SUB, deref=NEVER, sizeLimit=0, timeLimit=0, filter='&(objectCategory=group)(groupType:1.2.840.113556.1.4.803:=2147483648)(member:1.2.840.113556.1.4.1941:=...)', attrs={objectGUID, name, description}, controls={SimplePagedResultsControl(pageSize=100, isCritical=false)})' request on server '...'
> 2017-05-12 14:22:24,456+02 DEBUG [org.ovirt.engineextensions.aaa.ldap.Framework] (pool-25-thread-1) [] SearchResult: SearchResult(resultCode=0 (success), messageID=3, entriesReturned=66, referencesReturned=0, responseControls={SimplePagedResultsControl(pageSize=0, isCritical=false)})
> 
> 
> And without 1.2.840.113556.1.4.1941
> 
> # numResponses: 54
> # numEntries: 50
> # numReferences: 3
> 
> real	0m0.051s
> user	0m0.008s
> sys	0m0.007s
> 
> So it's an AD problem. 1.2.840.113556.1.4.1941 makes it slow, but without it, the result is not the same. But I don't know if it's an AD or oVirt problem. I'll keep investigating.
> 
> Thanks for your help.
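
An added illustration (not part of the original messages, and not oVirt or Active Directory code) of why the two searches quoted above return different entry counts: 1.2.840.113556.1.4.1941 is the LDAP_MATCHING_RULE_IN_CHAIN rule, which follows nested group membership, while a plain `member=` match only sees direct membership; 1.2.840.113556.1.4.803 is the bitwise-AND rule applied to `groupType`. The directory contents, DNs and function names below are constructed for the example.

```python
from collections import deque

SECURITY_ENABLED = 0x80000000  # 2147483648, the value tested in the thread's filter


def dn(cn):
    """Build a DN in a constructed example domain."""
    return f"CN={cn},DC=example,DC=test"


# Constructed sample directory: group DN -> attributes.
# AD stores groupType as a signed 32-bit integer, so security groups are negative.
DIRECTORY = {
    dn("vm-admins"):   {"groupType": -2147483646, "member": [dn("alice"), dn("all-staff")]},
    dn("ovirt-users"): {"groupType": -2147483646, "member": [dn("vm-admins")]},
    dn("all-staff"):   {"groupType": -2147483646, "member": [dn("ovirt-users")]},  # closes a cycle
    dn("mail-list"):   {"groupType": 2,           "member": [dn("alice")]},        # distribution group
    dn("audit"):       {"groupType": -2147483646, "member": [dn("mail-list")]},
}


def is_security_group(entry):
    """Model of (groupType:1.2.840.113556.1.4.803:=2147483648): all tested bits set."""
    return (entry["groupType"] & SECURITY_ENABLED) == SECURITY_ENABLED


def direct_groups(member_dn, directory=DIRECTORY):
    """Model of (member=<dn>): groups that list the DN directly."""
    return {g for g, e in directory.items() if member_dn in e["member"]}


def in_chain_groups(member_dn, directory=DIRECTORY):
    """Model of (member:1.2.840.113556.1.4.1941:=<dn>): walk nesting upward."""
    seen, queue = set(), deque([member_dn])
    while queue:
        for group in direct_groups(queue.popleft(), directory):
            if group not in seen:  # guards against circular nesting
                seen.add(group)
                queue.append(group)
    return seen


def search(member_dn, transitive, directory=DIRECTORY):
    """Security-enabled groups for a DN, with or without the in-chain rule."""
    lookup = in_chain_groups if transitive else direct_groups
    return sorted(g for g in lookup(member_dn, directory) if is_security_group(directory[g]))


if __name__ == "__main__":
    print("direct  :", search(dn("alice"), transitive=False))
    print("in-chain:", search(dn("alice"), transitive=True))
```
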
