Once the libkev work is done we could improve performances a lot by using a persistent search and caching kerberos related data in memory so that we never have to suffer a roundtrip to LDAP except when it sends us information because the database has changed (and even then it is only half a roundtrip).
When multiple listeners are used only one process would keep a persistent search, while others would use their ldap connection only to push changes to ldap.
This cache could be held in a mmaped file (tdb/tdb2 ?).
Deferring as this is optimization work that can be done later.
Merge KDC LDAP components to one.
Linked to Bugzilla bug: https://bugzilla.redhat.com/show_bug.cgi?id=1044121 (Red Hat Enterprise Linux 7)
Putting in needs triage.
The FreeIPA 4.2 was already shaped (see [[milestone:FreeIPA 4.2]] milestone), this does not fit. Pushing out.
If anyone is willing to help and contribute with this one, please shout!
Metadata Update from @dpal: - Issue assigned to simo - Issue set to the milestone: FreeIPA 4.5 backlog
From the BZ:
This issue is unlikely to happen any more since this commit: https://pagure.io/freeipa/c/73f61ce214e784ab8176a1f7acac6a3dbf1474ae ipa-kdb: update trust information in all workers (done on master branch, also present in 4.7.0).
A backport has been done in ipa-4-6 branch with https://pagure.io/freeipa/c/5973f09696ea3f1bed37b33a2b7caf317da63f1b ipa-kdb: update trust information in all workers (available on FreeIPA 4.6.4, which was the base for rhel 7.6).
Hence closing as CURRENTRELEASE.
Metadata Update from @rcritten: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.