Bug 49822

Summary: univentionAppID added to LDAP index in 30univention-appcenter.inst (second slapindex after LDAP replication)
Product: UCS Reporter: Felix Botner <botner>
Component: LDAPAssignee: UCS maintainers <ucs-maintainers>
Status: NEW --- QA Contact: UCS maintainers <ucs-maintainers>
Severity: normal    
Priority: P5 CC: hahn
Version: UCS 4.4   
Target Milestone: ---   
Hardware: Other   
OS: Linux   
See Also: https://forge.univention.org/bugzilla/show_bug.cgi?id=47609
What kind of report is it?: Bug Report What type of bug is this?: 2: Improvement: Would be a product improvement
Who will be affected by this bug?: 5: Will affect all installed domains How will those affected feel about the bug?: 2: A Pain – users won’t like this once they notice it
User Pain: 0.114 Enterprise Customer affected?:
School Customer affected?: ISV affected?:
Waiting Support: Flags outvoted (downgraded) after PO Review:
Ticket number: Bug group (optional):
Max CVSS v3 score:

Description Felix Botner univentionstaff 2019-07-05 15:16:51 CEST 
see also Bug #49821

The same problem we i guess the same solution

Together with Bug #49821 this is the second! slapdindex after the LDAP replication during the slave/backup join.
Comment 1 Philipp Hahn univentionstaff 2019-07-05 15:52:02 CEST 
(In reply to Felix Botner from comment #0)
> see also Bug #49821
> 
> The same problem we i guess the same solution

NOOOOOOOOOOOO! Read Bug #49821 comment #1:
> You *must not* do that when the schema is only later registered using the UDM schema extension mechanism.

$ git grep univention-app.schema -- management/univention-appcenter/
management/univention-appcenter/30univention-appcenter.inst:    --schema /usr/share/univention-appcenter/univention-app.schema
Comment 2 Felix Botner univentionstaff 2019-07-05 16:17:14 CEST 
(In reply to Philipp Hahn from comment #1)
> (In reply to Felix Botner from comment #0)
> > see also Bug #49821
> > 
> > The same problem we i guess the same solution
> 
> NOOOOOOOOOOOO! Read Bug #49821 comment #1:
> > You *must not* do that when the schema is only later registered using the UDM schema extension mechanism.
> 
> $ git grep univention-app.schema -- management/univention-appcenter/
> management/univention-appcenter/30univention-appcenter.inst:    --schema
> /usr/share/univention-appcenter/univention-app.schema

we could check if the univentionAppID attribute is already known in the local schema (which it should be on an backup/slave) and add it to the index in 01univention-ldap-server-init.inst

from my point of view the index should be configured before the LDAP replication, so that we no longer need to slapindex during the "initial" join
Comment 3 Felix Botner univentionstaff 2019-07-05 16:28:51 CEST 
The problem on this bug applies to backup/slave only. On the UCS master the ldap database is "empty" during the initial join and a additional slapindex in not expensive, but on backup and slaves this could take while