Saturday, December 30, 2023

[389-users] Troubleshooting of slow user add or modify operation in certain conditions

Hi. I recently created this issue -
Maybe github is not the place for such general questions so I repost it here. In our deployments we have a lot of production environment for out clients. For granular access every client is placed into separate group (in github issue picture analogue is group-test-<num>) for which HBACs and SUDO rules applied.

But our support team need access all those environments, so support members are placed into the group team-support-l2 which automatically added as a member of every clients group (github issue analogue is user-group). Right now I basically expierience inability to add users to team-support-l2 because it hangs ldap server completly for several minutes, making every freeipa service that depends on ns-slapd inaccessible.

Are we doing something wrong in a way we are setting our group membership? Or should it work just fine with such number of groups?

Problem is the same for 389-ds-base-1.4.3 deployments and 389-ds-base-2.2.3 deployments.
389-users mailing list --
To unsubscribe send an email to
Fedora Code of Conduct:
List Guidelines:
List Archives:
Do not reply to spam, report it:

No comments:

Post a Comment