Univention Bugzilla – Bug 57193
index: Slow LDAP search regarding computer objects
Last modified: 2024-05-17 10:59:32 CEST
The customer's environement: 43575 DNS objects (objectclass=dnszone) 23458 PTR records (dns/ptr_record) 19640 host records (dns/host_record) 178 SOA records (sOARecord) 177 reverse zones (dns/reverse_zone) 1 forward zone (dns/forward_zone) When searching for or editing computer objects in "UMC computers" or "UMC school computers" the modules might run into a timeout because the underlying ldap search filter is using sOArecord=* which is not indexed. This might be a regression (git hash: 8817a9f442493e7d593fb16d08166cfe547895ca). Beforehand relativeDomainName=@ was used, which is indexed.
During further investigations it was noticed that beside the need to have a pres-index for sOArecord at least aAAARecord needs an equality index. In a lab environment syslog shows multiple entries Apr 4 10:21:57 dn1 slapd[986]: <= mdb_equality_candidates: (aAAARecord) not indexed The production enviroment shows a lot more of them on systems where the index was not already optimized before.
09c3c48e9f | Add index for sOARecord Package: univention-ldap Version: 16.0.15-5 Branch: ucs_5.0-0-errata5.0-7 Scope: errata5.0-7 The aAAARecord will be done via Bug 57222.
Test system has 234 sOARecords, behavior could be reproduced on test system. QA: - YAML/changelog: OK - Jenkins: OK - Only sAORecord is getting indexed: OK - postinst script package version requirement: OK - Behavior is fixed after index creation: OK (opening UMC school computers now takes ~2-3 seconds) - ldap_setup_index only updates UCR with new flag: OK
- creation of index completes in reasonable time: OK (~3 seconds with 234 sOARecords)
<https://errata.software-univention.de/#/?erratum=5.0x1024>