Bug 40511

Summary: Rejoin of UCS Backup with Samba AD - Init of samba4-idmap listener module takes ages
Product: UCS Reporter: Michael Grandjean <grandjean>
Component: Samba4Assignee: Stefan Gohmann <gohmann>
Status: CLOSED FIXED QA Contact: Arvid Requate <requate>
Severity: normal    
Priority: P5 CC: gohmann, michelsmidt
Version: UCS 4.1   
Target Milestone: UCS 4.1-3-errata   
Hardware: Other   
OS: Linux   
What kind of report is it?: Bug Report What type of bug is this?: 4: Minor Usability: Impairs usability in secondary scenarios
Who will be affected by this bug?: 2: Will only affect a few installed domains How will those affected feel about the bug?: 3: A User would likely not purchase the product
User Pain: 0.137 Enterprise Customer affected?: Yes
School Customer affected?: ISV affected?:
Waiting Support: Flags outvoted (downgraded) after PO Review:
Ticket number: 2016101121000687 Bug group (optional): Large environments
Max CVSS v3 score:
Bug Depends on:    
Bug Blocks: 42819    

Description Michael Grandjean univentionstaff 2016-01-27 11:40:50 CET 
I re-joined a UCS Backup (4 CPUs, 8 GB RAM) with Samba AD in a UCS@school Multi-Server-Environment with ~19.000 entires in /var/lib/samba/private/idmap.ldb using "univention-join". 

After more than 2 hours the join was still at 03univention-directory-listener and the initializing of the samba4-idmap listener module:

> 26.01.16 09:20:19.476  LISTENER    ( WARN    ) : initializing module samba4-idmap
> [...]
> 26.01.16 11:35:35.227  LISTENER    ( WARN    ) : finished initializing module samba4-idmap

I guess the listener module searches in the existing idmap.ldb and checks every single entry for changes. Also very little information is logged and you easily get the impression, that the whole join is stuck.

I a second attempt, we moved the existing idmap.ldb:

> mv /var/lib/samba/private/idmap.ldb /var/lib/samba/private/idmap.ldb.bak

and run "univention-join" again. This time, the join was much faster and initializing the samba4-idmap listener module was done in less than 9 minutes:

> 26.01.16 11:52:34.216  LISTENER    ( WARN    ) : initializing module samba4-idmap
> [...]
> 26.01.16 12:01:04.114  LISTENER    ( WARN    ) : finished initializing module samba4-idmap

Imho we should remove the idmap.ldb by default.
Comment 1 Stefan Gohmann univentionstaff 2016-10-12 22:13:09 CEST 
Happened again: Ticket #2016101121000687

I'll move it to UCS because it is not only a UCS@school issue.
Comment 2 Stefan Gohmann univentionstaff 2016-10-14 06:45:49 CEST 
The idmap.ldb database is now removed while initializing the samba4-idmap listener module.

4.1-3: r73188
4.2: r73189
YAML: r73190
Comment 3 Arvid Requate univentionstaff 2016-10-17 18:29:14 CEST 
Verified

root@master10:~# univention-directory-listener-ctrl resync samba4-idmap
root@master10:~# ls /var/lib/samba/private/idmap.ldb*

/var/lib/samba/private/idmap.ldb
/var/lib/samba/private/idmap.ldb_1476721611

Advisory is ok too.
Comment 4 Janek Walkenhorst univentionstaff 2016-10-20 12:40:10 CEST 
<http://errata.software-univention.de/ucs/4.1/309.html>