First Last Prev Next    This bug is not in your last search results.
Bug 57193 - index: Slow LDAP search regarding computer objects
index: Slow LDAP search regarding computer objects
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: UDM (Generic)
UCS 5.0
Other Linux
: P5 normal (vote)
: UCS 5.0-7-errata
Assigned To: Arvid Requate
Marius Meschter
:
Depends on:
Blocks: 57222
  Show dependency treegraph
 
Reported: 2024-03-26 17:26 CET by Finn David
Modified: 2024-04-18 13:55 CEST (History)
5 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 4: Minor Usability: Impairs usability in secondary scenarios
Who will be affected by this bug?: 2: Will only affect a few installed domains
How will those affected feel about the bug?: 2: A Pain – users won’t like this once they notice it
User Pain: 0.091
Enterprise Customer affected?: Yes
School Customer affected?: Yes
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number: 2024031421000152, 2024040421000115
Bug group (optional): Regression
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Finn David univentionstaff 2024-03-26 17:26:01 CET 
The customer's environement:

43575  DNS objects (objectclass=dnszone)
23458  PTR records (dns/ptr_record)
19640  host records (dns/host_record)
178    SOA records (sOARecord)
177    reverse zones (dns/reverse_zone)
1      forward zone (dns/forward_zone)


When searching for or editing computer objects in "UMC computers" or "UMC school computers" the modules might run into a timeout because the underlying ldap search filter is using sOArecord=* which is not indexed.

This might be a regression (git hash: 8817a9f442493e7d593fb16d08166cfe547895ca). Beforehand relativeDomainName=@ was used, which is indexed.
Comment 2 Dirk Ahrnke univentionstaff 2024-04-04 10:31:48 CEST 
During further investigations it was noticed that beside the need to have a pres-index for sOArecord at least aAAARecord needs an equality index. 

In a lab environment syslog shows multiple entries

Apr  4 10:21:57 dn1 slapd[986]: <= mdb_equality_candidates: (aAAARecord) not indexed

The production enviroment shows a lot more of them on systems where the index was not already optimized before.
Comment 4 Arvid Requate univentionstaff 2024-04-15 16:51:27 CEST 
09c3c48e9f | Add index for sOARecord

Package: univention-ldap                                                                                            
Version: 16.0.15-5
Branch: ucs_5.0-0-errata5.0-7
Scope: errata5.0-7


The aAAARecord will be done via Bug 57222.
Comment 5 Marius Meschter univentionstaff 2024-04-16 12:54:41 CEST 
Test system has 234 sOARecords, behavior could be reproduced on test system.

QA:
- YAML/changelog: OK
- Jenkins: OK
- Only sAORecord is getting indexed: OK
- postinst script package version requirement: OK
- Behavior is fixed after index creation: OK (opening UMC school computers now takes ~2-3 seconds)
- ldap_setup_index only updates UCR with new flag: OK
Comment 6 Marius Meschter univentionstaff 2024-04-16 12:55:49 CEST 
- creation of index completes in reasonable time: OK (~3 seconds with 234 sOARecords)
First Last Prev Next    This bug is not in your last search results.