New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Bug]: <dav> upgrade step takes hours when server connected to large LDAP directory, or has hundreds of users #39744
Comments
Thank you 👍 Sounds like a reasonable request. We run syncInstance from a migration1 during the upgrade. Idea:
Footnotes |
|
We could load-balance the instance sync by dispatching a small background job for each user. Instead of running the migration in a loop for all users at a time, the migration would dispatch a background job for every user known at upgrade time. The cron/background process will then pick up those jobs in the background, even when the system is live and outside of maintenance mode. Downside: right after upgrade, data is slightly inconsistent. |
Note: this is not an LDAP only issue but a "lot of users" issue: #39769 |
Can you give us a guesstimate of the amount of users you have @andrewperry ? |
Bug description
When upgrading from 26.0.4 to 27.0.1 there is a step in the upgrade flow that says:
"Updating <dav> ..."
which seems to query the ldap directory and for every entry in LDAP update the "System Address Book" in the 'addressbooks' table as well as create an account in the 'accounts' table with a corresponding entry in the 'ldap_user_mapping' table.
If a server is connected to an LDAP directory with thousands, tens of thousands or hundreds of thousands of users, this can take hours to recurse through and it does not seem that this is a step that should block the completion of the upgrade. Can this step please be moved to a separate recommendation, like the addition of indexes for performance, that would appear in the admin interface alongside other security & performance recommendations. This would enable the server to get out of maintenance mode quicker, rather than have the server offline for hours (or days) while tens of thousands of LDAP accounts are probed and accounts created and/or carddav 'cards' in the "system" addressbook updated (often without them needing to be as they should only be created when the user attempts to login to nextcloud with their LDAP credentials).
Steps to reproduce
Expected behavior
Upgrade should complete without the need to recurse the whole connected LDAP directory.
Installation method
Community Web installer on a VPS or web space
Nextcloud Server version
27
Operating system
Debian/Ubuntu
PHP engine version
PHP 8.1
Web server
Apache (supported)
Database engine version
MariaDB
Is this bug present after an update or on a fresh install?
Upgraded to a MAJOR version (ex. 22 to 23)
Are you using the Nextcloud Server Encryption module?
None
What user-backends are you using?
Configuration report
No response
List of activated Apps
No response
Nextcloud Signing status
No response
Nextcloud Logs
No response
Additional info
No response
The text was updated successfully, but these errors were encountered: