Bug 53191 - univentionSharePath and univentionShareHost not indexed
univentionSharePath and univentionShareHost not indexed
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: LDAP
UCS 5.0
Other Linux
: P5 normal (vote)
: UCS 5.0
Assigned To: Arvid Requate
Jürn Brodersen
: interim-4
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2021-04-29 10:30 CEST by Jürn Brodersen
Modified: 2021-05-25 15:59 CEST (History)
3 users (show)

See Also:
What kind of report is it?: Development Internal
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Jürn Brodersen univentionstaff 2021-04-29 10:30:32 CEST
univentionSharePath and univentionShareHost not indexed

Apr 29 10:01:17 ucs-2888 slapd[13164]: <= mdb_equality_candidates: (univentionShareHost) not indexed
Apr 29 10:01:17 ucs-2888 slapd[13164]: <= mdb_equality_candidates: (univentionSharePath) not indexed

https://hutten.knut.univention.de/mediawiki/index.php/Produkttests_UCS_5.0_LDAP#LDAP-Indizes_aktualisieren

How to reproduce:
Create a share and open the shares umc module
Comment 1 Philipp Hahn univentionstaff 2021-04-29 11:43:54 CEST
Searching for those two attributes finds the following 3 searches:

# git grep -e univentionSharePath= -e univentionShareHost=
base/univention-lib/debian/python-univention-lib.postinst:      (&(univentionSharePath=*)(univentionShareHost=%s))
base/univention-quota/quota.py: (&(objectClass=univentionShare)(univentionShareHost=%s))
services/univention-nfs/nfs-shares.py: (&(objectClass=univentionShare)(|(univentionShareHost=%s.%s)(univentionShareHost=%s)))


Only the first one is problematic as it does not contain the (objectClass=univentionShare) condition: OpenLDAP then has do a complete scan of ALL entries.

Fix 1: add (objectClass=univentionShare) to the filter string
Fix 2: Remove the LDAP search completely and/or put it in a conditional to be executed only with `dpkg --compare-versions "$2" lt-nl 8.0.0-15` (executed only on upgrade) instead of `lt` (executed both on install and upgrade). The warning is quiet pointless as it is printed to STDOUT, which gets redirected to /var/log/univention/updater.log.

Adding everything to indexes is not a good idea as it slows down LDAP removal dramatically.
Comment 2 Arvid Requate univentionstaff 2021-05-11 15:18:18 CEST
eef728e45b | Improve performance of LDAP search for univentionShareHost in postinst

Package: univention-lib
Version: 9.0.11-4A~5.0.0.202105111518
Branch: ucs_5.0-0
Comment 3 Jürn Brodersen univentionstaff 2021-05-14 10:59:52 CEST
What I tested:
New search filter is faster and produces the same results -> OK
jenkins -> OK
No functional changes -> no changelog needed -> OK
-> Verified

> Adding everything to indexes is not a good idea as it slows down LDAP removal dramatically.

I added a bug if we want to discuss this further and so I can add a link to the product test page. Bug 53259
Comment 4 Florian Best univentionstaff 2021-05-25 15:59:27 CEST
UCS 5.0 has been released:
 https://docs.software-univention.de/release-notes-5.0-0-en.html
 https://docs.software-univention.de/release-notes-5.0-0-de.html

If this error occurs again, please use "Clone This Bug".