Replicas take a lot longer to be added to servers running eDirectory 9.0

  • 7018119
  • 04-Oct-2016
  • 04-Feb-2019

Environment

NetIQ eDirectory 9

Situation

It takes a very long time to add replicas to a newly introduced eDirectory 9.0 or 9.0.1 server to a tree. The process is a lot slower than what the same operation would take with eDirectory 8.8.8.x
The server shows one CPU constantly in high utilization.
Adding indexes also takes a very long time.

Resolution

The problem is a side effect of a new feature introduced in eDirectory 9.0 that allows better control of the creation of indexes. The topic is described in detail in the section "FLAIM Attribute Containerization" of the eDirectory 9 documentation:


This feature allows users to decide when an index will be created, instead of having eDirectory decide when this will happen. It is possible to check which attributes eDirectory considers that indexes should be created for, by checking the  dsReadyContainerAttr attribute on the Pseudo server object. You can then use a special ndsrepair switch to create the indexes.

The problem is that in large environments, attempting to add large replicas with attributes with high value count can take a very long time if the indexes are not present. This is what causes the delays in sync mentioned above.

To revert the behavior of eDirectory to its pre-eDirectory 9 behavior, simply add the line:
enablemovetoattrcontainer=1

to the _ndsdb.ini file (located in the /var/opt/novell/eDirectory/data/dib directory) and restart eDirectory.

From eDirectory version 9.0.2 onwards this parameter is added by default to _ndsdb.ini, so this problem is not expected to happen with versions newer than 9.0.2.