[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: [Fwd: constant lookups causing a lot of load]
> Given that I have all Linux servers, they share identical system
> accounts. All my boxes have "nobody" and "sys" and "daemon" on the
> local /etc/passwd and /etc/group files, and my nsswitch.conf searches
> files first for passwd and shadow, ldap first for group. I just don't
> put system accounts in ldap.
This is exactly what I'm doing yet lookups continue at the rate in which
people are hitting the webserver. Here's a sample:
Sep 8 09:52:43 srv2 slapd[2316]: conn=22390 op=4 SRCH
base="dc=fork,dc=com" scope=2 filter="(uid=nobody)"
Sep 8 09:52:43 srv2 slapd[2316]: conn=22390 op=4 SEARCH RESULT tag=101
err=0 text=
Sep 8 09:52:43 srv2 slapd[15424]: conn=22390 op=5 SRCH
base="dc=fork,dc=com" scope=2
filter="(&(objectClass=posixGroup)(memberUid=nobody))"
Sep 8 09:52:43 srv2 slapd[15424]: conn=22390 op=5 SEARCH RESULT tag=101
err=0 text=
Sep 8 09:52:43 srv2 slapd[22245]: conn=22391 op=4 SRCH
base="dc=fork,dc=com" scope=2 filter="(uid=nobody)"
Sep 8 09:52:43 srv2 slapd[22245]: conn=22391 op=4 SEARCH RESULT tag=101
err=0 text=
Sep 8 09:52:43 srv2 slapd[7937]: conn=22391 op=5 SRCH
base="dc=fork,dc=com" scope=2
filter="(&(objectClass=posixGroup)(memberUid=nobody))"
Sep 8 09:52:43 srv2 slapd[7937]: conn=22391 op=5 SEARCH RESULT tag=101
err=0 text=
Here's my nsswitch:
passwd: files ldap
shadow: files ldap
group: files ldap
and here's my ldap server:
srv1:/var/log# ldapsearch -H ldaps://ldap.fork.com -x -D
"dc=fork,dc=com" cn=nobody
version: 2
#
# filter: cn=nobody
# requesting: ALL
#
# search result
search: 2
result: 0 Success
# numResponses: 1
see, nothin' in ldap relating to nobody
Thanks!
-jeremy
> -------- Original Message --------
> Subject: constant lookups causing a lot of load
> Date: Mon, 8 Sep 2003 12:34:14 -0700 (PDT)
> From: Jeremy Hansen <jeremy@methanesea.com>
> To: openldap-software@OpenLDAP.org
>
>
> I'm running a fairly busy webserver that's authenticating over ldap to
> another server. I'm getting constant lookups on the 'nobody' group that
> the webserver is running as and I'm not sure why nscd isn't caching it or
> why it's even happening.
>
> Any suggestions? It's causing a fair amount of load.
>
> Thanks
> -jeremy
>
>
>