On 12 Apr 2016 16:29, "Scott Robbins" scottro11@gmail.com wrote:
On Tue, Apr 12, 2016 at 09:45:17AM +0200, Marcin Trendota wrote:
W dniu 11.04.2016 o 20:07, Scott Robbins pisze:
Any ideas?
DNS?
Is LDAP listed in the /etc/nsswitch.conf?
In nsswitch.conf i have: passwd: files sss shadow: files sss group: files sss
DNS works fine. I think that sssd communicates with LDAP server with every authentication - i have tons of following entries in log:
http:// http://pastebin.com/rZVjk0gWpastebin.com
http://pastebin.com/rZVjk0gW/ http://pastebin.com/rZVjk0gWrZVjk0gW http://pastebin.com/rZVjk0gW
And it repeats for same user over and over again. Is this correct
behavior?
RedHat never really mastered LDAP, unfortunately. I have a by now ancient article, that mentions it.
<snip>
What utter nonsense. Just because you poorly configured your system does not mean that Red Hat never really mastered it... And translating very old experiences to CentOS 7 is even more ridiculous and counter productive.
To the OP enumerate is always painful, I'd remove that for a start.
My experience with the DAV SVN though is that clients are horrible in their requests... So many it hits it so hard...
After various testing I ended up going with the Apache LDAP cache module and doing the auth at the Apache level, not system.
Was far better in performance with the SVN server being hit fairly hard. I can try and dig out an example configuration if you would like.
The bonus here as well is that svn users are separated cleanly from system users... No reason for a dev to have a shell account on there ;)