On 12 Apr 2016 16:29, "Scott Robbins" <scottro11 at gmail.com> wrote: > > On Tue, Apr 12, 2016 at 09:45:17AM +0200, Marcin Trendota wrote: > > W dniu 11.04.2016 o 20:07, Scott Robbins pisze: > > > > >>> Any ideas? > > >> DNS? > > > Is LDAP listed in the /etc/nsswitch.conf? > > > > In nsswitch.conf i have: > > passwd: files sss > > shadow: files sss > > group: files sss > > > > DNS works fine. I think that sssd communicates with LDAP server with > > every authentication - i have tons of following entries in log: > > > > http:// <http://pastebin.com/rZVjk0gW>pastebin.com <http://pastebin.com/rZVjk0gW>/ <http://pastebin.com/rZVjk0gW>rZVjk0gW <http://pastebin.com/rZVjk0gW> > > > > And it repeats for same user over and over again. Is this correct behavior? > RedHat never really mastered LDAP, unfortunately. I have a by now ancient > article, that mentions it. > <snip> What utter nonsense. Just because you poorly configured your system does not mean that Red Hat never really mastered it... And translating very old experiences to CentOS 7 is even more ridiculous and counter productive. To the OP enumerate is always painful, I'd remove that for a start. My experience with the DAV SVN though is that clients are horrible in their requests... So many it hits it so hard... After various testing I ended up going with the Apache LDAP cache module and doing the auth at the Apache level, not system. Was far better in performance with the SVN server being hit fairly hard. I can try and dig out an example configuration if you would like. The bonus here as well is that svn users are separated cleanly from system users... No reason for a dev to have a shell account on there ;)