
Re: [Fwd: constant lookups causing a lot of load]



> Given that I have all Linux servers, they share identical system
> accounts.  All my boxes have "nobody" and "sys" and "daemon" on the
> local /etc/passwd and /etc/group files, and my nsswitch.conf searches
> files first for passwd and shadow, ldap first for group.  I just don't
> put system accounts in ldap.

This is exactly what I'm doing, yet lookups continue at the rate at which 
people are hitting the webserver.  Here's a sample:

Sep  8 09:52:43 srv2 slapd[2316]: conn=22390 op=4 SRCH base="dc=fork,dc=com" scope=2 filter="(uid=nobody)"
Sep  8 09:52:43 srv2 slapd[2316]: conn=22390 op=4 SEARCH RESULT tag=101 err=0 text=
Sep  8 09:52:43 srv2 slapd[15424]: conn=22390 op=5 SRCH base="dc=fork,dc=com" scope=2 filter="(&(objectClass=posixGroup)(memberUid=nobody))"
Sep  8 09:52:43 srv2 slapd[15424]: conn=22390 op=5 SEARCH RESULT tag=101 err=0 text=
Sep  8 09:52:43 srv2 slapd[22245]: conn=22391 op=4 SRCH base="dc=fork,dc=com" scope=2 filter="(uid=nobody)"
Sep  8 09:52:43 srv2 slapd[22245]: conn=22391 op=4 SEARCH RESULT tag=101 err=0 text=
Sep  8 09:52:43 srv2 slapd[7937]: conn=22391 op=5 SRCH base="dc=fork,dc=com" scope=2 filter="(&(objectClass=posixGroup)(memberUid=nobody))"
Sep  8 09:52:43 srv2 slapd[7937]: conn=22391 op=5 SEARCH RESULT tag=101 err=0 text=

Here's my nsswitch:

passwd:     files ldap
shadow:     files ldap
group:      files ldap

and here's my ldap server:

srv1:/var/log# ldapsearch -H ldaps://ldap.fork.com -x -D "dc=fork,dc=com" cn=nobody
version: 2

#
# filter: cn=nobody
# requesting: ALL
#

# search result
search: 2
result: 0 Success

# numResponses: 1

see, nothin' in ldap relating to nobody

Thanks!
-jeremy

> -------- Original Message --------
> Subject: constant lookups causing a lot of load
> Date: Mon, 8 Sep 2003 12:34:14 -0700 (PDT)
> From: Jeremy Hansen <jeremy@methanesea.com>
> To: openldap-software@OpenLDAP.org
> 
> 
> I'm running a fairly busy webserver that's authenticating over ldap to
> another server.  I'm getting constant lookups on the 'nobody' group that
> the webserver is running as and I'm not sure why nscd isn't caching it or
> why it's even happening.
> 
> Any suggestions?  It's causing a fair amount of load.
> 
> Thanks
> -jeremy
> 
> 
>
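
To put numbers on the load described in this thread, the following added example (not part of the original messages) tallies slapd SRCH lines by filter, per second and per connection, and counts searches that name an account expected to resolve from local files. The sample lines are the excerpt quoted above, re-joined into single lines; the function name and the local-account set passed to it are assumptions.

```python
import re
from collections import Counter

# Constructed sample: the slapd lines quoted in the message above, re-joined
# into the single-line form in which syslog writes them.
SAMPLE_LOG = """\
Sep  8 09:52:43 srv2 slapd[2316]: conn=22390 op=4 SRCH base="dc=fork,dc=com" scope=2 filter="(uid=nobody)"
Sep  8 09:52:43 srv2 slapd[2316]: conn=22390 op=4 SEARCH RESULT tag=101 err=0 text=
Sep  8 09:52:43 srv2 slapd[15424]: conn=22390 op=5 SRCH base="dc=fork,dc=com" scope=2 filter="(&(objectClass=posixGroup)(memberUid=nobody))"
Sep  8 09:52:43 srv2 slapd[15424]: conn=22390 op=5 SEARCH RESULT tag=101 err=0 text=
Sep  8 09:52:43 srv2 slapd[22245]: conn=22391 op=4 SRCH base="dc=fork,dc=com" scope=2 filter="(uid=nobody)"
Sep  8 09:52:43 srv2 slapd[22245]: conn=22391 op=4 SEARCH RESULT tag=101 err=0 text=
Sep  8 09:52:43 srv2 slapd[7937]: conn=22391 op=5 SRCH base="dc=fork,dc=com" scope=2 filter="(&(objectClass=posixGroup)(memberUid=nobody))"
Sep  8 09:52:43 srv2 slapd[7937]: conn=22391 op=5 SEARCH RESULT tag=101 err=0 text=
"""

# One SRCH line: syslog timestamp, host, slapd[pid], conn, op, base, scope, filter.
SRCH_RE = re.compile(
    r'^(?P<ts>\w{3}\s+\d+\s+[\d:]{8})\s+\S+\s+slapd\[\d+\]:\s+'
    r'conn=(?P<conn>\d+)\s+op=\d+\s+SRCH\s+base="[^"]*"\s+scope=\d+\s+'
    r'.*?filter="(?P<filter>.*)"\s*$'
)
# uid=<name> or memberUid=<name> assertions inside a search filter.
NAME_RE = re.compile(r'\((?:uid|memberUid)=([^()*]+)\)')


def summarize_searches(log_text, local_accounts):
    """Tally SRCH operations by filter, second, connection and local account."""
    by_filter, by_second, local_hits = Counter(), Counter(), Counter()
    conns = set()
    for line in log_text.splitlines():
        m = SRCH_RE.match(line)
        if m is None:
            continue  # SEARCH RESULT, BIND and other lines are not counted
        by_filter[m["filter"]] += 1
        by_second[m["ts"]] += 1
        conns.add(m["conn"])
        for name in NAME_RE.findall(m["filter"]):
            if name in local_accounts:  # should have been answered by "files"
                local_hits[name] += 1
    return {"by_filter": by_filter, "local_hits": local_hits,
            "peak_per_second": max(by_second.values(), default=0),
            "connections": len(conns)}


if __name__ == "__main__":
    # Assumption: the system accounts named in the quoted message.
    report = summarize_searches(SAMPLE_LOG, {"nobody", "sys", "daemon"})
    for flt, count in report["by_filter"].most_common():
        print(f"{count:6d}  {flt}")
    print("local accounts queried in LDAP:", dict(report["local_hits"]))
```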