Univention Bugzilla – Bug 56809
Deletion of big OUs via UDM takes hours to complete.
Last modified: 2023-11-10 09:45:42 CET
When I delete a big OU via UDM, there is no progress for a long time, but after HOURS it is deleted:

time udm container/ou remove --dn ou=delmasse31,<ldap base>
Object removed: ou=delmasse31,<ldap base>

real 621m23,798s
user 0m0,067s
sys 0m0,006s

The OU delmasse contained about 30k objects, mainly school users.
(I can provide the LDIF file before deletion on request)

univention-app info:
UCS: 5.0-5 errata857
Installed: admindiary-backend=1.0 admindiary-frontend=1.0 itslearning=5.0-ucs1 ox-connector=2.2.7 privacyidea-saml=2.1.2 self-service=5.0 self-service-backend=5.0 ucsschool=5.0 v4 4.4/dovecot-connector=1.0.2 4.4/ucsschool-id-connector=2.2.5 4.4/ucsschool-kelvin-rest-api=1.8.8 4.4/ucsschool-veyon-proxy=4.7.4.14-0
Upgradable: privacyidea-saml dovecot-connector ucsschool-id-connector ucsschool-kelvin-rest-api

udm settings/udm_hook list | sed -ne 's/DN: cn=//p'
schoolOU
schoolAdminGroup
ucsschool_user_options
ucsschool_purge_timestamp
ucsschool_role_computers
monitoring
oxAccess
oxContextRW
oxGroupHook
oxUserDefaults
Type of bug is "improvement". What are your expectations? Please provide KPIs.
I repeated this on a non-UCS-School system (no apps, 5.0-5 errata872, same HW specs)

## create users

A small script for creation....

#!/bin/bash
OU=delmasse01
START_TIME=$(date +%s)
for i in {1..30000}; do
    udm users/user create \
        --ignore_exists \
        --position "cn=users,ou=$OU,$(ucr get ldap/base)" \
        --set lastname=Doe \
        --set username="user_$i" \
        --set unixhome="/home/user_$i" \
        --set password="univention_$i"
    echo "Created user_$i"
done
duration="$(($(date +%s)-START_TIME))"
echo "Created 30k users in $duration seconds"

Created 30k users in 18636 seconds

## delete

time udm container/ou remove --dn ou=delmasse01,$(ucr get ldap/base)
Object removed: ou=delmasse01,<ldap base>

real 1155m50,602s
user 0m0,113s
sys 0m0,034s

- slapd was at 100% CPU, 2 cores
1. Have you waited after the object-creation until the replication (Listener) was done, before starting the deletion?
2. School OUs should not contain 30k users. That's not a realistic scenario. The performance will be very bad, because of the massive size of the "Domain Users $OU" group!
Not only the "Domain Users $OU" group but also the "$ROLE $OU" groups will be massive. OpenLDAP does not work well with huge multi-value attributes.
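
Added example, not part of the bug report or of Univention's code: a shell function that counts values per attribute in an LDIF dump (such as the pre-deletion LDIF the reporter offers), to show which entries carry the huge multi-valued attributes named in the last two comments. The sample entries, DNs and threshold are constructed, and uniqueMember/memberUid are assumed to be the group membership attributes.

```shell
#!/bin/sh
# Added example (not from the bug report): list entries in an LDIF dump whose
# attributes carry at least MIN values, largest first.
# Output columns (tab-separated): value count, attribute name, entry DN.
ldif_big_attrs() {   # usage: ldif_big_attrs MIN < dump.ldif
    awk -v min="$1" '
    function flush_entry(   a) {
        for (a in count)
            if (count[a] >= min) printf "%d\t%s\t%s\n", count[a], a, dn
        split("", count); dn = ""
    }
    function handle(line,   p, attr) {
        if (line == "") { flush_entry(); return }   # blank line ends an entry
        if (line ~ /^#/) return                      # LDIF comment
        p = index(line, ":")
        if (p == 0) return
        attr = substr(line, 1, p - 1)
        if (tolower(attr) == "dn") {
            dn = substr(line, p + 1); sub(/^:?[ ]*/, "", dn)  # base64 DNs stay encoded
        } else count[attr]++
    }
    /^ / { buf = buf substr($0, 2); next }           # folded line: join to previous
    { if (NR > 1) handle(buf); buf = $0 }
    END { if (NR > 0) handle(buf); flush_entry() }
    ' | sort -t "$(printf '\t')" -k1,1nr -k3,3
}

sample_ldif() {   # constructed sample, not data from the bug
    cat <<'EOF'
dn: cn=Domain Users demo,cn=groups,ou=demo,dc=exam
 ple,dc=org
objectClass: posixGroup
uniqueMember: uid=user_1,cn=users,ou=demo,dc=example,dc=org
uniqueMember: uid=user_2,cn=users,ou=demo,dc=example,dc=org
uniqueMember: uid=user_3,cn=users,ou=demo,dc=example,dc=org
memberUid: user_1
memberUid: user_2
memberUid: user_3

dn: uid=user_1,cn=users,ou=demo,dc=example,dc=org
objectClass: person
objectClass: posixAccount
uid: user_1
EOF
}

sample_ldif | ldif_big_attrs 3
```

On a real dump, a threshold in the thousands isolates the few group entries whose membership attributes grow with the number of users in the OU.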