[openstack-dev] Keystone Split Backend LDAP Hang Problem

Dolph Mathews dolph.mathews at gmail.com
Wed Aug 7 23:40:15 UTC 2013


That's been a "don't do that" for quite a while, but we might finally have
a solution in havana:

  https://blueprints.launchpad.net/keystone/+spec/pagination-backend-support


On Wed, Aug 7, 2013 at 3:56 PM, Miller, Mark M (EB SW Cloud - R&D -
Corvallis) <mark.m.miller at hp.com> wrote:

> Hello,
>
> I ran into an issue/problem with keystone and it is ok to simply tell me
> to “don’t do that”, but I am wondering how others approach this problem.
>
> I have the keystone H-2 split backend code connected to the HP Enterprise
> Directory which is humongous in size. From that directory I have only one
> user configured with a project role in keystone. When I performed the
> following REST API call:
>
> GET:   http://15.253.58.141:35357/v3/users
>
> The keystone server took almost an hour and a half to process my request
> before responding with the correct information:
>
> 2013-07-28 08:54:24    DEBUG [keystone.common.ldap.core] LDAP bind:
> dn=cn=CloudOSKeystoneDev, ou=Applications, o=hp.com
> 2013-07-28 08:54:25    DEBUG [keystone.common.ldap.core] In get_connection
> 6 user: cn=CloudOSKeystoneDev, ou=Applications, o=hp.com
> 2013-07-28 08:54:25    DEBUG [keystone.common.ldap.core] MY query in
> _ldap_get_all filter: None, query: (&(objectClass=hpPerson))
> 2013-07-28 08:54:25    DEBUG [keystone.common.ldap.core] LDAP search:
> dn=ou=People,o=hp.com, scope=2, query=(&(objectClass=hpPerson)),
> attrs=['None', 'userPassword', 'hpStatus', 'mail', 'cn']
> 2013-07-28 10:20:10     INFO [access] 15.253.57.88 - -
> [28/Jul/2013:17:20:10 +0000] "GET http://15.253.58.141:35357/v3/users HTTP/1.0" 200 87832184
> 2013-07-28 10:20:25    DEBUG [eventlet.wsgi.server] 15.253.57.88 - -
> [28/Jul/2013 10:20:25] "GET /v3/users HTTP/1.1" 200 87832342 5160.268039
>
> REST API response:
>
> {
>     "user": {
>         "name": "mark.m.miller at hp.com",
>         "links": {
>             "self": "http://localhost:5000/v3/users/mark.m.miller@hp.com"
>         },
>         "enabled": "Active",
>         "domain_id": "default",
>         "email": "mark_m_miller at hp.com",
>         "id": "mark.m.miller at hp.com"
>     }
> }
>
> After completing my request I found that Keystone was locked up and
> required a stop/start service command to get it responding again. How do
> other people with ldap backends handle this problem?
>
> Thanks,
>
> Mark


-- 

-Dolph
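
An added example, not part of the original messages and not Keystone code: a Python check that scans Keystone debug logs in the format quoted above for the two signals in this report, a subtree LDAP search filtered only on objectClass and a request whose duration or response size is far outside normal. The function name, the thresholds and the last two sample log entries are assumptions constructed for illustration.

```python
import re

# Constructed sample in the log format quoted above; the first two entries reuse the
# quoted values (wrapped lines rejoined), the last two are invented for contrast.
SAMPLE_LOG = """\
2013-07-28 08:54:25    DEBUG [keystone.common.ldap.core] LDAP search: dn=ou=People,o=hp.com, scope=2, query=(&(objectClass=hpPerson)), attrs=['None', 'userPassword', 'hpStatus', 'mail', 'cn']
2013-07-28 10:20:25    DEBUG [eventlet.wsgi.server] 15.253.57.88 - - [28/Jul/2013 10:20:25] "GET /v3/users HTTP/1.1" 200 87832342 5160.268039
2013-07-28 10:31:02    DEBUG [keystone.common.ldap.core] LDAP search: dn=ou=People,o=hp.com, scope=2, query=(&(uid=jdoe)(objectClass=hpPerson)), attrs=['mail', 'cn']
2013-07-28 10:31:02    DEBUG [eventlet.wsgi.server] 15.253.57.88 - - [28/Jul/2013 10:31:02] "GET /v3/users/jdoe HTTP/1.1" 200 412 0.031200
"""

# scope=2 is SCOPE_SUBTREE in python-ldap: the search walks everything under the base DN.
SEARCH_RE = re.compile(
    r"LDAP search: dn=(?P<base>.+?), scope=(?P<scope>\d), query=(?P<query>\(.*\)), attrs=")
WSGI_RE = re.compile(r'\[eventlet\.wsgi\.server\] .*?"[A-Z]+ (?P<path>\S+) HTTP/[\d.]+" '
                     r"\d{3} (?P<size>\d+) (?P<secs>[\d.]+)")
LEAF_RE = re.compile(r"\(([A-Za-z][\w-]*)[~<>]?=")  # attribute name of each filter assertion


def analyze(log_text, max_secs=30.0, max_bytes=10 * 1024 * 1024):
    """Return findings for unbounded LDAP searches and slow or oversized responses.

    max_secs and max_bytes are assumed thresholds; tune them to the deployment.
    """
    findings = []
    for line in log_text.splitlines():
        m = SEARCH_RE.search(line)
        if m:
            attrs = LEAF_RE.findall(m["query"])
            # A subtree search constrained only by objectClass returns every entry of that class.
            if m["scope"] == "2" and attrs and all(a.lower() == "objectclass" for a in attrs):
                findings.append(("unbounded_ldap_search", m["base"], m["query"]))
            continue
        m = WSGI_RE.search(line)
        if m and (float(m["secs"]) > max_secs or int(m["size"]) > max_bytes):
            findings.append(
                ("slow_or_large_response", m["path"], float(m["secs"]), int(m["size"])))
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(finding)
```
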