Description Florian Best 2023-09-19 16:06:12 CEST

After creating a new UCS system we have two different values for the uidNumber or gidNumber last used value counter:

# univention-ldapsearch -LLL univentionLastUsedValue=* univentionLastUsedValue
dn: cn=gidNumber,cn=temporary,cn=univention,dc=school,dc=dev
univentionLastUsedValue: 5009

dn: cn=uidNumber,cn=temporary,cn=univention,dc=school,dc=dev
univentionLastUsedValue: 2015

After creating 3000 users the values are similar equal but a new user or group creation will not update the other value.

After creating another N thousand users but not group we have a large delta, e.g.:
# univention-ldapsearch -LLL univentionLastUsedValue=* univentionLastUsedValue                                                                                                                                                 
dn: cn=gidNumber,cn=temporary,cn=univention,dc=school,dc=dev
univentionLastUsedValue: 5009

dn: cn=uidNumber,cn=temporary,cn=univention,dc=school,dc=dev
univentionLastUsedValue: 28825

for ((i=10; i<=70000; i++)); do udm users/user create --set password=univention --set lastname=foo --set username="test$i" --position=cn=users,dc=school,dc=dev; done

When a group is then created it counts up until a free gidNumber/uidNumber is found and for each value it makes a ldap search.
Therefore 23816 searches are done.

# time udm groups/group create --set name=group4
WARNING: The object is not going to be created underneath of its default containers.
Object created: cn=group4,dc=school,dc=dev

real    3m22,399s
user    0m0,065s
sys     0m0,016s

With more than 70000 users this gets into a timeout when using the UDM REST API for creating the group (takes probably longer than 10 minutes).

→ we should update univentionLastUsedValue both in uidNumber and gidNumber if they don't have a large diff and UCRv directory/manager/uid_gid/uniqueness is not false. But the range for the first groups between 2015 and 5009 should still be used.