Problem: More than 90% of LDAP mdb database is used

Problem

Your local LDAP database is more than 90% full and the Nagios checks report error states.

This might happen if you have a lot of objects (users, computers and so on) in your LDAP database.

Note: Check the usage of the translog database as it might be related.

Solution

Option 1 (recommended)

64bit systems

Increase the maximum size from the default 2GiB to 3GiB with the UCR variable ldap/database/mdb/maxsize. You should set this value accordingly on all servers (master, backups, slaves).

ucr set ldap/database/mdb/maxsize=3221225472
systemctl restart slapd
systemctl restart univention-directory-listener

Note: Increasing the size will increase the memory (RAM) usage of the LDAP service.

32bit systems

On 32bit systems the maximum possible value is 1.9GiB, which is the default value, so you cannot increase it here. To decrease the amount of data stored on a slave server you will have to use LDAP ACLs to filter the objects that get replicated to this slave (Note: if this is a master server, your only chance is to switch to 64bit architecture).
Even when filters are applied, database pages will stay allocated and the usage percentage remains high.

Option 2

In case you cannot increase the database size due to other limitations (disk space, memory consumption), you could gain some space by reclaiming unused space as shown in the following.
Note: This might work only temporarily, as the stored data might have reached a size of nearly 2GB.

32bit and 64bit systems

To free up unused pages within the database file, copy the file excluding unused pages:

Option A

root@ucs:~# cd /var/lib/univention-ldap/
root@ucs:~# mkdir ldap-new
root@ucs:~# systemctl stop slapd.service
root@ucs:~# mdb_copy -c ldap/ ldap-new/
root@ucs:~# mv ldap ldap-old; mv ldap-new ldap
root@ucs:~# systemctl start slapd.service

Option B

You can do a slapcat and slapadd, which might be more effective but also takes more time:

root@ucs:~# systemctl stop univention-directory-listener slapd.service
root@ucs:~# slapcat >ldap_full.ldif
root@ucs:~# tar -cjvf "ldap_backup_$(date '+%s').tar.bz2" /var/lib/univention-ldap/ldap/data.mdb --remove-files
root@ucs:~# slapadd -l ldap_full.ldif
root@ucs:~# systemctl start slapd.service univention-directory-listener
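
To judge whether reclaiming unused pages (Option 2) is likely to bring the database back under 90% or whether the maximum size has to be raised (Option 1), the following added example, which is not part of the original article, parses the output of mdb_stat -ef. The sample output is constructed, the function names are hypothetical, and the script assumes that a compacted copy needs roughly the allocated pages minus the free pages.

```shell
#!/bin/sh
# Added example, not part of the original article.
# Real use (directory taken from the article):
#   mdb_stat -ef /var/lib/univention-ldap/ldap | mdb_advice

# Constructed sample of `mdb_stat -ef` output for a 2 GiB map with 4 KiB pages.
sample_stat() {
cat <<'EOF'
Environment Info
  Map address: (nil)
  Map size: 2147483648
  Page size: 4096
  Max pages: 524288
  Number of pages used: 487424
  Last transaction ID: 91822
  Max readers: 126
  Number of readers used: 0
Freelist Status
  Tree depth: 1
  Entries: 12
  Free pages: 131072
EOF
}

# Prints three integer percentages of the maximum page count:
#   allocated pages, free (reusable) pages, allocated minus free (estimate).
mdb_usage() {
    awk -F': *' '
        /Max pages:/            { max  = $2 }
        /Number of pages used:/ { used = $2 }
        /Free pages:/           { free = $2 }
        END {
            if (max <= 0 || used == "") { print "parse-error"; exit 1 }
            printf "%d %d %d\n", used*100/max, free*100/max, (used-free)*100/max
        }'
}

# Prints ok, compact (Option 2 should help) or grow (Option 1 is needed),
# using the 90% threshold from the article. Returns 2 on unparsable input.
mdb_advice() {
    out=$(mdb_usage) || return 2
    set -- $out
    if   [ "$1" -lt 90 ]; then echo ok
    elif [ "$3" -lt 90 ]; then echo compact
    else echo grow
    fi
}

sample_stat | mdb_advice
```

For the constructed sample the result is compact: 92% of the pages are allocated, but 25% of the maximum are free pages that a compacting copy would drop.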



