Bug 56956 - S4 Connector joinscript DNS sync prioritization should be more specific
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: S4 Connector
Version: UCS 5.0
Hardware: Other Linux
Importance: P5 normal
Target Milestone: UCS 5.0-6-errata
Assigned To: Arvid Requate
QA Contact: Felix Botner
Reported: 2024-01-03 12:06 CET by Julia Bremer
Modified: 2024-01-31 15:39 CET
What kind of report is it?: Bug Report
What type of bug is this?: 2: Improvement: Would be a product improvement
Who will be affected by this bug?: 1: Will affect a very few installed domains
How will those affected feel about the bug?: 4: A User would return the product
User Pain: 0.046
Ticket number: 2023120621000198


Attachments
Sync.patch (1.44 KB, patch)
2024-01-03 12:06 CET, Julia Bremer

Description Julia Bremer univentionstaff 2024-01-03 12:06:10 CET
Created attachment 11170
Sync.patch

In the joinscript 97univention-s4-connector.inst, certain kinds of objects are prioritized, so that all necessary objects (e.g. DNS objects) are synced to Samba4 first, without having to wait for all users etc.

We prioritize all DNS objects, but that is not specific enough for some customers. One customer had so many DNS objects that they are only synced after ~10 hours.

The attached patch reduced the join time from 20 hours with a failed joinscript to 10 hours and a successful completion. 

I am not sure if this should be part of the product, since the caveat is that the s4connector will be occupied for the next few hours. But that has been the case before. The time difference can be a lot though, especially in big environments.
Comment 1 Arvid Requate univentionstaff 2024-01-03 18:00:17 CET
Maybe we can also slim down the generic prioritization `objectClass=dNSZone`
to just "(|(univentionObjectType=dns/forward_zone)(univentionObjectType=dns/reverse_zone))".

Unfortunately, in the OpenLDAP schema, all DNS objects match objectclass=dNSZone.

If we do that, then we probably also need to explicitly prioritize
"(|(univentionObjectType=dns/srv_record)(univentionObjectType=dns/alias))"
to get the AD-specific records over early enough.
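
Added illustration (not part of the bug report and not code from univention-s4-connector): a Python model that evaluates the filters quoted in Comment 1 over constructed directory entries and shows how many objects each prioritization pulls to the front of the initial sync. The helpers `entry`, `parse`, `matches` and `sync_order`, the DNs, and the `dns/host_record` type used for ordinary host entries are assumptions made for this example.

```python
# Added illustration with constructed entries; not code from univention-s4-connector.
# Assumption: ordinary host entries carry univentionObjectType=dns/host_record.
BASE = "cn=dns,dc=example,dc=test"

def entry(dn, object_class, udm_type):
    return {"dn": dn, "objectclass": [object_class], "univentionobjecttype": [udm_type]}

ZONE = f"zoneName=example.test,{BASE}"
ENTRIES = [entry(f"relativeDomainName=host{n},{ZONE}", "dNSZone", "dns/host_record")
           for n in range(200)]
ENTRIES += [
    entry("uid=alice,cn=users,dc=example,dc=test", "posixAccount", "users/user"),
    entry(ZONE, "dNSZone", "dns/forward_zone"),
    entry(f"zoneName=2.0.192.in-addr.arpa,{BASE}", "dNSZone", "dns/reverse_zone"),
    entry(f"relativeDomainName=_ldap._tcp,{ZONE}", "dNSZone", "dns/srv_record"),
    entry(f"relativeDomainName=www,{ZONE}", "dNSZone", "dns/alias"),
]
BROAD = ["(objectClass=dNSZone)"]
NARROW = [
    "(|(univentionObjectType=dns/forward_zone)(univentionObjectType=dns/reverse_zone))",
    "(|(univentionObjectType=dns/srv_record)(univentionObjectType=dns/alias))",
]

def parse(f, i=0):
    """Parse the RFC 4515 subset used in the thread: &, |, ! and attr=value."""
    if f[i + 1] in "&|!":
        op, i, kids = f[i + 1], i + 2, []
        while f[i] == "(":
            node, i = parse(f, i)
            kids.append(node)
        return (op, kids), i + 1  # skip the closing ")"
    end = f.index(")", i)
    attr, value = f[i + 1:end].split("=", 1)
    return ("=", attr.lower(), value.lower()), end + 1

def matches(node, e):
    """Case-insensitive equality match (a simplification of LDAP matching rules)."""
    if node[0] == "=":
        return node[2] in [v.lower() for v in e.get(node[1], [])]
    hits = [matches(k, e) for k in node[1]]
    return all(hits) if node[0] == "&" else any(hits) if node[0] == "|" else not hits[0]

def sync_order(entries, priority_filters):
    """Return (DNs in sync order, number of prioritized DNs)."""
    ordered = []
    for tree in (parse(f)[0] for f in priority_filters):
        ordered += [e["dn"] for e in entries if e["dn"] not in ordered and matches(tree, e)]
    early = len(ordered)
    return ordered + [e["dn"] for e in entries if e["dn"] not in ordered], early
```

With the broad filter every one of the 204 constructed DNS entries is prioritized and the zone object queues behind the host records; with the two narrower filters only the two zones, the SRV record and the alias are synced first.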
Comment 3 Arvid Requate univentionstaff 2024-01-29 14:45:03 CET
555748bfa0 | Improve prioritization for initial S4-Connector sync

Package: univention-s4-connector
Version: 14.0.16-3
Branch: ucs_5.0-0
Scope: errata5.0-6
Comment 4 Felix Botner univentionstaff 2024-01-31 10:07:01 CET
OK - univention-s4-connector
OK - yaml
OK - tests