On Wed, Apr 09, 2014 at 11:24:33AM +0200, Lukas Slebodnik wrote:
On (09/04/14 11:16), Angel Bosch wrote:
>> The problem is enumeration.
>>
>> I would say you have a lot of users in your LDAP. sssd_be was
>> fetching
>> informations from LDAP (reason of high CPU usage). It took very long
>> time
>> and sssd_be diddn't have a time to reply with "pong" to main
process.
>> Therefore sssd_be was restarted.
>>
>> You can try to increase timeout from default value 10 seconds to 15
>> or 20.
>> Please do not use very big value, because it can have negative
>> consequences
>> for other processes.
>>
>
>
>ok, finally got it working.
>
>now I see lot of errors like this:
>
>(Wed Apr 9 11:13:18 2014) [sssd[be[xxx.net]]] [sdap_save_grpmem] (0x0040): Failed to
save user maquines
>(Wed Apr 9 11:13:18 2014) [sssd[be[xxx.net]]] [sdap_save_groups] (0x0040): Failed to
store group 5 members.
It is imposible to say that from these two lines.
We need bigger context or better whole log file from domain.
yes, more context would be needed.
Additionally please check if e.g. the user maquines is in all expected
groups. If yes, then this messages might just be a side effect of
enumeration. If SSSD tries to add a user to a group where it is already
a member a error code indicating this might be returned.
bye,
Sumit
LS
_______________________________________________
sssd-users mailing list
sssd-users(a)lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-users