<div dir="ltr"><div><div><div><div><div><div>This is new feature in aaa-ldap tracked here[1].<br></div>By default for AD profiles we use this feature, and it should<br></div>increase performance in most cases.<br><br></div>But if this is not the case for you, can you just try to change the profile<br></div>from:<br><br> include = &lt;ad.properties&gt;<br><br></div>to<br><br> include = &lt;ad-recursive.properties&gt;<br><br></div>And see if it will be better?<br><div><div><div><div><div><div><br>[1] <a href="https://bugzilla.redhat.com/show_bug.cgi?id=1393407">https://bugzilla.redhat.com/show_bug.cgi?id=1393407</a><br></div></div></div></div></div></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, May 12, 2017 at 2:54 PM, Fabrice Bacchella <span dir="ltr">&lt;<a href="mailto:fabrice.bacchella@orange.fr" target="_blank">fabrice.bacchella@orange.fr</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word">I found that:<div><br></div><div><a href="http://dunnry.com/blog/TransitiveLinkValueFilterEvaluation.aspx" target="_blank">http://dunnry.com/blog/<wbr>TransitiveLinkValueFilterEvalu<wbr>ation.aspx</a></div><div><br></div><div><br><div><blockquote type="cite"><div><div class="h5"><div>Le 12 mai 2017 à 14:44, Fabrice Bacchella &lt;<a href="mailto:fabrice.bacchella@orange.fr" target="_blank">fabrice.bacchella@orange.fr</a>&gt; a écrit :</div><br class="m_5720800219487051111Apple-interchange-newline"></div></div><div><div><div class="h5"><div style="word-wrap:break-word">Ok, I found where it&#39;s slow, it&#39;s a ldapsearch on our AD:<div><br></div><div><div style="margin:0px;font-size:11px;line-height:normal;font-family:Menlo"><span style="font-variant-ligatures:no-common-ligatures">time ldapsearch -a never -E pr=100/noprompt -H <a>ldap://ad1</a> -b DC=... -s sub &#39;(&amp;(groupType:1.2.840.113556.<wbr>1.4.803:=<a href="tel:(214)%20748-3648" value="+12147483648" target="_blank">2147483648</a>)(&amp;(<wbr>objectCategory=group)(member:<wbr>1.2.840.113556.1.4.1941:=<wbr>userdn)))&#39; objectGUID name description</span></div><br></div><div><div style="margin:0px;line-height:normal"><div style="font-family:Menlo;font-size:11px;margin:0px;line-height:normal"><span style="font-variant-ligatures:no-common-ligatures"># numResponses: 70</span></div><div style="font-family:Menlo;font-size:11px;margin:0px;line-height:normal"><span style="font-variant-ligatures:no-common-ligatures"># numEntries: 66</span></div><div style="font-family:Menlo;font-size:11px;margin:0px;line-height:normal"><span style="font-variant-ligatures:no-common-ligatures"># numReferences: 3</span></div><div style="font-family:Menlo;font-size:11px;margin:0px;line-height:normal;min-height:13px"><span style="font-variant-ligatures:no-common-ligatures"></span><br></div><div style="font-family:Menlo;font-size:11px;margin:0px;line-height:normal"><span style="font-variant-ligatures:no-common-ligatures">real<span class="m_5720800219487051111Apple-tab-span" style="white-space:pre-wrap">        </span>0m10.801s</span></div><div style="font-family:Menlo;font-size:11px;margin:0px;line-height:normal"><span style="font-variant-ligatures:no-common-ligatures">user<span class="m_5720800219487051111Apple-tab-span" style="white-space:pre-wrap">        </span>0m0.007s</span></div><div style="font-family:Menlo;font-size:11px;margin:0px;line-height:normal"><span style="font-variant-ligatures:no-common-ligatures">sys<span class="m_5720800219487051111Apple-tab-span" style="white-space:pre-wrap">        </span>0m0.012s</span></div><div style="font-family:Menlo;font-size:11px;margin:0px;line-height:normal"><span style="font-variant-ligatures:no-common-ligatures"><br></span></div><div style="font-family:Menlo;font-size:11px;margin:0px;line-height:normal"><span style="font-variant-ligatures:no-common-ligatures">That matches the log line:</span></div><div style="margin:0px;line-height:normal"><span style="font-variant-ligatures:no-common-ligatures"><div style="margin:0px;line-height:normal"><font face="Menlo"><span style="font-size:11px">2017-05-12 14:22:17,413+02 DEBUG [org.ovirt.engineextensions.<wbr>aaa.ldap.Framework] (pool-25-thread-2) [] Performing SearchRequest &#39;SearchRequest(baseDN=&#39;...&#39;, scope=SUB, deref=NEVER, sizeLimit=0, timeLimit=0, filter=&#39;&amp;(objectCategory=<wbr>group)(groupType:1.2.840.<wbr>113556.1.4.803:=2147483648)(<wbr>member:1.2.840.113556.1.4.<wbr>1941:=...)&#39;, attrs={objectGUID, name, description}, con</span></font><span style="font-size:11px;font-family:Menlo">trols={<wbr>SimplePagedResultsControl(<wbr>pageSize=100, isCritical=false)})&#39; request on server &#39;...&#39;</span></div></span></div><div style="margin:0px;line-height:normal"><span style="font-variant-ligatures:no-common-ligatures;font-size:11px"><font face="Menlo"><div style="margin:0px;line-height:normal">2017-05-12 14:22:24,456+02 DEBUG [org.ovirt.engineextensions.<wbr>aaa.ldap.Framework] (pool-25-thread-1) [] SearchResult: SearchResult(resultCode=0 (success), messageID=3, entriesReturned=66, referencesReturned=0, responseControls={<wbr>SimplePagedResultsControl(<wbr>pageSize=0, isCritical=false)})</div></font></span></div><div style="font-family:Menlo;font-size:11px"><span style="font-variant-ligatures:no-common-ligatures"><br></span></div><div style="font-family:Menlo;font-size:11px"><span style="font-variant-ligatures:no-common-ligatures"><br></span></div><div style="font-family:Menlo;font-size:11px"><span style="font-variant-ligatures:no-common-ligatures">And without </span>1.2.840.113556.1.4.<wbr>1941</div><div style="font-family:Menlo;font-size:11px"><br></div><div style="font-family:Menlo;font-size:11px"><div style="margin:0px;line-height:normal"><span style="font-variant-ligatures:no-common-ligatures"># numResponses: 54</span></div><div style="margin:0px;line-height:normal"><span style="font-variant-ligatures:no-common-ligatures"># numEntries: 50</span></div><div style="margin:0px;line-height:normal"><span style="font-variant-ligatures:no-common-ligatures"># numReferences: 3</span></div><div style="margin:0px;line-height:normal;min-height:13px"><span style="font-variant-ligatures:no-common-ligatures"></span><br></div><div style="margin:0px;line-height:normal"><span style="font-variant-ligatures:no-common-ligatures">real<span class="m_5720800219487051111Apple-tab-span" style="white-space:pre-wrap">        </span>0m0.051s</span></div><div style="margin:0px;line-height:normal"><span style="font-variant-ligatures:no-common-ligatures">user<span class="m_5720800219487051111Apple-tab-span" style="white-space:pre-wrap">        </span>0m0.008s</span></div><div style="margin:0px;line-height:normal"><span style="font-variant-ligatures:no-common-ligatures">sys<span class="m_5720800219487051111Apple-tab-span" style="white-space:pre-wrap">        </span>0m0.007s</span></div><div style="margin:0px;line-height:normal"><br></div></div><div style="font-family:Menlo;font-size:11px;margin:0px;line-height:normal">So it&#39;s an AD problem. 1.2.840.113556.1.4.1941 make it slow, but without it, the result is not the same. But I don&#39;t know if it&#39;s an AD or ovirt problem. I&#39;ll keep investigating.</div><div style="font-family:Menlo;font-size:11px;margin:0px;line-height:normal"><br></div><div style="font-family:Menlo;font-size:11px;margin:0px;line-height:normal">Thank&#39;s for your help.</div></div></div></div></div></div><span class="">______________________________<wbr>_________________<br>Users mailing list<br><a href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a><br><a href="http://lists.ovirt.org/mailman/listinfo/users" target="_blank">http://lists.ovirt.org/<wbr>mailman/listinfo/users</a><br></span></div></blockquote></div><br></div></div></blockquote></div><br></div>