Bug 40511 - Rejoin of UCS Backup with Samba AD - Init of samba4-idmap listener module takes ages
Rejoin of UCS Backup with Samba AD - Init of samba4-idmap listener module tak...
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Samba4
UCS 4.1
Other Linux
: P5 normal (vote)
: UCS 4.1-3-errata
Assigned To: Stefan Gohmann
Arvid Requate
:
Depends on:
Blocks: 42819
  Show dependency treegraph
 
Reported: 2016-01-27 11:40 CET by Michael Grandjean
Modified: 2016-11-07 18:01 CET (History)
2 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 4: Minor Usability: Impairs usability in secondary scenarios
Who will be affected by this bug?: 2: Will only affect a few installed domains
How will those affected feel about the bug?: 3: A User would likely not purchase the product
User Pain: 0.137
Enterprise Customer affected?: Yes
School Customer affected?:
ISV affected?:
Waiting Support:
Ticket number: 2016101121000687
Bug group (optional): Large environments
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Michael Grandjean univentionstaff 2016-01-27 11:40:50 CET
I re-joined a UCS Backup (4 CPUs, 8 GB RAM) with Samba AD in a UCS@school Multi-Server-Environment with ~19.000 entires in /var/lib/samba/private/idmap.ldb using "univention-join". 

After more than 2 hours the join was still at 03univention-directory-listener and the initializing of the samba4-idmap listener module:

> 26.01.16 09:20:19.476  LISTENER    ( WARN    ) : initializing module samba4-idmap
> [...]
> 26.01.16 11:35:35.227  LISTENER    ( WARN    ) : finished initializing module samba4-idmap

I guess the listener module searches in the existing idmap.ldb and checks every single entry for changes. Also very little information is logged and you easily get the impression, that the whole join is stuck.

I a second attempt, we moved the existing idmap.ldb:

> mv /var/lib/samba/private/idmap.ldb /var/lib/samba/private/idmap.ldb.bak

and run "univention-join" again. This time, the join was much faster and initializing the samba4-idmap listener module was done in less than 9 minutes:

> 26.01.16 11:52:34.216  LISTENER    ( WARN    ) : initializing module samba4-idmap
> [...]
> 26.01.16 12:01:04.114  LISTENER    ( WARN    ) : finished initializing module samba4-idmap

Imho we should remove the idmap.ldb by default.
Comment 1 Stefan Gohmann univentionstaff 2016-10-12 22:13:09 CEST
Happened again: Ticket #2016101121000687

I'll move it to UCS because it is not only a UCS@school issue.
Comment 2 Stefan Gohmann univentionstaff 2016-10-14 06:45:49 CEST
The idmap.ldb database is now removed while initializing the samba4-idmap listener module.

4.1-3: r73188
4.2: r73189
YAML: r73190
Comment 3 Arvid Requate univentionstaff 2016-10-17 18:29:14 CEST
Verified

root@master10:~# univention-directory-listener-ctrl resync samba4-idmap
root@master10:~# ls /var/lib/samba/private/idmap.ldb*

/var/lib/samba/private/idmap.ldb
/var/lib/samba/private/idmap.ldb_1476721611

Advisory is ok too.
Comment 4 Janek Walkenhorst univentionstaff 2016-10-20 12:40:10 CEST
<http://errata.software-univention.de/ucs/4.1/309.html>