check number of indices in ldap_setup_index Our school ID Broker env broke because we ran out of indices (max 128 in 5.2, though it was increased to 256 in new openldap versions) If I understand this correctly, we currently have 29 indices free to use in a 5.2 school environment. If we configure to many, the ldap server refuses to start with the following error message: MDB_DBS_FULL: Environment maxdbs limit reached It would be helpful if our "ldap_setup_index" tool could check we number of used ldap indices and throw an error if we already have set up too many indices. I think an error in ldap_setup_index would be preferred over a stopped ldap server. Context: We want to add a new index in UCS@school, but we are not sure how many indices are already in use in customer environments and don't want to break them. ldap_setup_index: https://git.knut.univention.de/univention/dev/ucs/-/blob/5.2-2/management/univention-ldap/scripts/ldap_setup_index
Created attachment 11324 [details] 0001-ITS-9895-slapd-mdb-raise-MDB_INDICES-from-128-to-256.patch Ok, additionally we could pick up the OpenLDAP patch from https://bugs.openldap.org/show_bug.cgi?id=9895 I did a short check by compiling the UCS 5.2 openldap source package with the additional patch and there where no issues. It just changes the the input to mdb_env_set_maxdbs and http://www.lmdb.tech/doc/group__mdb.html#gaa2fc2f1f37cb1115e733b62cab2fcdbc says "a moderate number of slots are cheap but a huge number gets expensive". Since Howard Chu, the author of LMDB and maintainer of OpenLDAP chose to raise the value to 256 for the upstream maintained OpenLDAP versions, I think this is considered still a "moderate number". Unfortunately mdb_stat doesn't tell this value, but OTOH that also support the impression that it's a run-time parameter specified during mdb_db_open and not "tattooed" into the database itself (but obviously the number of actual sub-dbs used for indices are stored in the database). So, no database dump+restore or re-index should/will be necessary.
ucs-patches: 7de2f5306 | main | feat: Allow loading multiple instances of memberof overlay 23564f661 | main | ITS#9895 slapd-mdb: raise MDB_INDICES from 128 to 256 1fe876f9f | main | Revert "feat: Allow loading multiple instances of memberof overlay" Package: openldap Version: 2.5.13+dfsg-5A~5.2.0.202508061256 Release: 5.2-0 Scope: errata5.2-2 ucs: f50ddd60ee0 | 5.2-2 | feat(ldap): ldap_setup_index now checks if number of indexed attributes would exceed maximum number of lmdb sub-databases 1003e14ff57 | 5.2-2 | chore: Advisory for OpenLDAP Package: univention-ldap Version: 18.2.6 Release: 5.2-0 Scope: errata5.2-2
QA: OK: code review OK: advisories OK: manual test - script exits with error if it tries to add another index but the index limit is already reached
<https://errata.software-univention.de/#/?erratum=5.2x166> <https://errata.software-univention.de/#/?erratum=5.2x167>