Univention Bugzilla – Bug 56348
Low performance of UDM move operations due to ldap.MOD_REPLACE in the context of large groups
Last modified: 2023-08-02 16:06:28 CEST
This is about the performance of a move operation of a user, for example: ``` udm users/user move --dn='uid=aaa,cn=schueler,cn=users,ou=school1,dc=school,dc=test' --position='cn=schueler,cn=users,ou=school2,dc=school,dc=test' ``` This took 4 to 7 seconds on a primary within a large environment (2000 user OUs, total of 300000 users) which was a lot compared to adding/removing users which takes less than a second. The moved user was member of `Domain Users school2,cn=groups,ou=school2,dc=school,dc=test` and `cn=schueler-school2,cn=groups,ou=school2,dc=school,dc=test` which have around 2000 other members each. When moving position of the user in the DIT, this results, due to method `_move_in_groups` https://git.knut.univention.de/univention/ucs/-/blob/5.0-4/management/univention-directory-manager-modules/modules/univention/admin/handlers/__init__.py#L1510-1520 in a _replacement_ of the `uniqueMember` attribute - so all 2000 attributes are deleted and added again. Additionally the list comprehension generates a lot of overhead. One already knows the move operation, so why not just delete the single attribute that corresponds to the moved user? Both the list comprehension and the modify will only take a fraction of the current time then, if my understanding of `ldapmodify` is correct. I'll post a MR as a suggestion in a minute.
See MR https://git.knut.univention.de/univention/ucs/-/merge_requests/845 for a suggestion, but please keep in mind that I have not that much experience with UDM/uldap internals.
https://git.knut.univention.de/univention/ucs/-/merge_requests/845 merged with the following commit: univention-directory-manager-modules.yaml bb4aeae7f9bb | fix(udm): Improve UDM move performance for users and computers univention-directory-manager-modules (15.0.24-14) bb4aeae7f9bb | fix(udm): Improve UDM move performance for users and computers No behavior change expected, a move is now just faster.
OK: Code review OK: functional test: group memberships are still preserved when moving users OK: error handling OK: advisory I did not perform performance comparisons (in my small system the move took equal time). but from code review it looks promising.
<https://errata.software-univention.de/#/?erratum=5.0x756>