Univention Bugzilla – Bug 52292
With many users access to udm/users via UMC is very slow (if no "unlimited" license key is in place)
Last modified: 2022-03-23 14:14:35 CET
With UCS 4.4-6 errata 767 When I log into the univention web-interface and go to https://.../univention/management/#module=udm:users/user:0: it takes a minute until the page is loaded and all other web-interface operations are blocked during that period. in top I can see slapd at 100-170% CPU for a minute or two /usr/lib/univention-pam/ldap-group-to-file.py --check_member at 30% CPU for a minute /usr/sbin/univention-management-console-module -m udm -s /var/run/univention-management-console/634-1604314966079.socket -d 2 -l en_US.UTF-8 at 8% CPU for a minute The delay occurs only once per login. On our similar 4.4-4 setup, this problem does not occur, but there may be some differences between these setups, so it is unclear whether this is a regression.
The customer further tested. It actual looks that the customization is responsible for the delay. PS is actual checking what is going on there. I would like to keep the bug open in the status need more info if the analysis finds something in the product.
The reason was a license file with 100.000 Users. Solved by unlimited users.
(In reply to Dirk Schnick from comment #4) > The reason was a license file with 100.000 Users. Solved by unlimited users. So, a system with multiple thousand users and a license which allows only a specific number of users causes a performance issue. The reason is the license check executed when opening the UDM module. The code for the check is here: https://git.knut.univention.de/univention/ucs/-/blob/4.4-7/management/univention-directory-manager-modules/modules/univention/admin/license.py#L398-407 → We should enhance the User filter. It can nowadays be simplified to '(univentionObjectType=users/user)'
Alternative proposed by Daniel: > I suggest to maintain a cache with the query result using a background > task started by the UMC login and have UDM use the cache. > A listener module would be better, but could only be used, if it'd be OK > to add/mod objects while the replication is ongoing/delayed.
Big customer affected, worked around with unlimited key
(In reply to Arvid Requate from comment #6) > Alternative proposed by Daniel: > > > I suggest to maintain a cache with the query result using a background > > task started by the UMC login and have UDM use the cache. > > A listener module would be better, but could only be used, if it'd be OK > > to add/mod objects while the replication is ongoing/delayed. AFAIK we already have sort of a cache for the internal user statistics.
91acda00cf Bug #52292: Enhance LDAP filter for user_account cd3e72bc77 Bug #52292: Enhance LDAP filter for user_account, incorporate QA comments 998df6a1a1 Bug #52292 Updated YAML for univention-directory-manager-modules
query in license.py and users/user.py are equal: OK manual tests: OK Performance: 30% improvement VERIFIED
<https://errata.software-univention.de/#/?erratum=5.0x259>