Univention Bugzilla – Bug 56628
UDM user/group creation takes very long if univentionLastUsedValue is not in sync since uidNumber/gidNumber uniqueness
Last modified: 2023-11-13 08:45:41 CET
After creating a new UCS system we have two different values for the uidNumber or gidNumber last used value counter: # univention-ldapsearch -LLL univentionLastUsedValue=* univentionLastUsedValue dn: cn=gidNumber,cn=temporary,cn=univention,dc=school,dc=dev univentionLastUsedValue: 5009 dn: cn=uidNumber,cn=temporary,cn=univention,dc=school,dc=dev univentionLastUsedValue: 2015 After creating 3000 users the values are similar equal but a new user or group creation will not update the other value. After creating another N thousand users but not group we have a large delta, e.g.: # univention-ldapsearch -LLL univentionLastUsedValue=* univentionLastUsedValue dn: cn=gidNumber,cn=temporary,cn=univention,dc=school,dc=dev univentionLastUsedValue: 5009 dn: cn=uidNumber,cn=temporary,cn=univention,dc=school,dc=dev univentionLastUsedValue: 28825 for ((i=10; i<=70000; i++)); do udm users/user create --set password=univention --set lastname=foo --set username="test$i" --position=cn=users,dc=school,dc=dev; done When a group is then created it counts up until a free gidNumber/uidNumber is found and for each value it makes a ldap search. Therefore 23816 searches are done. # time udm groups/group create --set name=group4 WARNING: The object is not going to be created underneath of its default containers. Object created: cn=group4,dc=school,dc=dev real 3m22,399s user 0m0,065s sys 0m0,016s With more than 70000 users this gets into a timeout when using the UDM REST API for creating the group (takes probably longer than 10 minutes). → we should update univentionLastUsedValue both in uidNumber and gidNumber if they don't have a large diff and UCRv directory/manager/uid_gid/uniqueness is not false. But the range for the first groups between 2015 and 5009 should still be used.