Compress LDAP Transaction Log

tretkowski · January 26, 2026, 9:44am

There are some rare situations in which the LDAP Servers Transaction Log in Nubus is growing faster than expected and needs to be compressed.

The translog.mdb can be deleted from all LDAP primary and secondary pods, that are not primary-0.
Get a list of all LDAP primary and secondary pods:

kubectl -n ntretkowski-nubus get pods | grep -E 'nubus-ldap-server-(primary|secondary)'

For every LDAP primary and secondary that are not primary-0 delete the Transaction Log enter the pod:

kubectl -n ntretkowski-nubus exec nubus-ldap-server-primary-1 -c main -it -- /bin/bash

Delete the Transaction Log in the pod:

rm -f /var/lib/univention-ldap/translog/*

Restart LDAP primaries and secondaries:

kubectl -n ntretkowski-nubus delete pod nubus-ldap-server-primary-1
kubectl -n ntretkowski-nubus rollout restart statefulset/nubus-ldap-server-secondary

Save the amount of LDAP Primary Replicas to an environment variable:

LDAP_REPLICAS="`kubectl -n ntretkowski-nubus get statefulset nubus-ldap-server-primary -o jsonpath='replicas: {.spec.replicas}{"\n"}' | cut -d " " -f 2`"
echo ${LDAP_REPLICAS}

Scale down LDAP Primaries and LDAP Notifier to 0:

kubectl -n ntretkowski-nubus scale statefulset nubus-ldap-server-primary nubus-ldap-notifier --replicas=0

Create a ConfigMap and a Pod which does the work:

kubectl -n ntretkowski-nubus apply -f - <<EOF
apiVersion: v1
kind: ConfigMap
metadata:
  name: nubus-translog-debug
data:
  script.sh: |
    apt-get update
    apt-get install lmdb-utils
    cp -av /var/lib/univention-ldap/translog /temp-volume
    rm -f  /var/lib/univention-ldap/translog/*
    time mdb_copy -c /temp-volume/translog /var/lib/univention-ldap/translog
    chmod 600 /var/lib/univention-ldap/translog/data.mdb
    chown 101:102 /var/lib/univention-ldap/translog/data.mdb
    echo "----- before -----"
    ls -lh /temp-volume/translog/
    echo "------ after ------"
    ls -lh /var/lib/univention-ldap/translog/
    echo "Finished!"
    sleep infinity
---
apiVersion: v1
kind: Pod
metadata:
  name: nubus-translog-debug
spec:
  containers:
  - name: debug
    image: docker.software-univention.de/ucs-base-524:0.21.1
    command: ["/bin/bash", "/scripts/script.sh"]
    volumeMounts:
    - name: shared-data
      mountPath: /var/lib/univention-ldap
    - name: temp-volume
      mountPath: /temp-volume
    - name: scripts
      mountPath: /scripts
  volumes:
  - name: shared-data
    persistentVolumeClaim:
      claimName: shared-data-nubus-ldap-server-primary-0
  - name: temp-volume
    emptyDir: {}
  - name: scripts
    configMap:
      name: nubus-translog-debug
      defaultMode: 0755
EOF

Watch output of Debug Pod:

kubectl -n ntretkowski-nubus logs -f nubus-translog-debug

When it’s finished, delete Pod and ConfigMap:

kubectl -n ntretkowski-nubus delete pod nubus-translog-debug
kubectl -n ntretkowski-nubus delete configmap nubus-translog-debug

Rescale LDAP Notifier and Primaries:

kubectl -n ntretkowski-nubus scale statefulset nubus-ldap-notifier --replicas=1
kubectl -n ntretkowski-nubus scale statefulset nubus-ldap-server-primary --replicas=${LDAP_REPLICAS}

system · January 26, 2026, 10:45am

This topic was automatically closed after 60 minutes. New replies are no longer allowed.