Platform: CentOS 6.4
ipa-python-3.0.0-26.el6_4.4.x86_64 ipa-admintools-3.0.0-26.el6_4.4.x86_64 ipa-pki-common-theme-9.0.3-7.el6.noarch python-iniparse-0.3.1-2.1.el6.noarch ipa-server-3.0.0-26.el6_4.4.x86_64 ipa-pki-ca-theme-9.0.3-7.el6.noarch ipa-server-selinux-3.0.0-26.el6_4.4.x86_64 libipa_hbac-1.9.2-82.7.el6_4.x86_64 ipa-client-3.0.0-26.el6_4.4.x86_64 libipa_hbac-python-1.9.2-82.7.el6_4.x86_64
https://confluence.atlassian.com/display/JIRA/Synchronising+Data+from+External+Directories
IPA user reported very slow performance - around 900 seconds to sync 103 users and 73 groups. User reported that openldap (2.4.23-32.1.el6) can sync in less than 10 seconds.
I don't know if this is specific to ipa or plain 389, but this should be much, much faster.
Improve description formatting.
Related thread on the users list: https://www.redhat.com/archives/freeipa-users/2013-August/msg00020.html
Yes see more details in the mail thread. It seems that the cause of the problem is really the bind operation rather than the search. We need to check how we can reduce the time spent in bind operation.
I discussed this ticket with Nathan and Rich, this is what I think we should do:
If there is a difference, we should be on a good path and can try to profile further. Rich recommended using callgrind:
# yum install valgrind To invoke callgrind, use a command line like the following: VG_LOGDIR=${VG_LOGDIR:-/var/tmp} valgrind -q --tool=callgrind ...other callgrind arguments.... --callgrind-out-file=${VG_LOGDIR}/callgrind.out.$$ ns-slapd -d 0 ...regular slapd args... & The following callgrind options are very useful: --collect-systime=yes - collect the time used by each function - this is shown in kcachegrind with sysTime and sysCount --collect-bus=yes - collect the atomic op events (useful for measuring mutex/locking) --separate-threads=yes - collect each threads' events separately - this makes it easier to see the flow of a particular thread The ns-slapd.sh script has support for callgrind if you set USE_CALLGRIND=1. See https://github.com/richm/scripts/blob/master/ns-slapd.sh. This will write the output to the file callgrind.out.PID. This file is not very human readable. I have found the best tool for analyzing callgrind output is the kcachegrind tool provided by the kdesdk package: yum install kdesdk Then launch kcachegrind -> Open -> select your callgrind.log.PID file.
After the analysis with kcachegrind, we should be able to see see where the process spends the most time and be able to see if we can speed it up.
kcachegrind
Starting to shape next release
There is not enough time left in 4.2 development to do this, we have to move it to next release.
Metadata Update from @rmeggins: - Issue assigned to tbordaz - Issue set to the milestone: FreeIPA 4.5 backlog
Thank you taking time to submit this request for FreeIPA. Unfortunately this bug was not given priority and the team lacks the capacity to work on it at this time.
Given that we are unable to fulfil this request I am closing the issue as wontfix. To request re-consideration of this decision please reopen this issue and provide additional technical details about its importance to you.
Metadata Update from @rcritten: - Issue close_status updated to: wontfix - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.