[Date Prev][Date Next] [Chronological] [Thread] [Top]

Avoid unexistent user queries

To: openldap-technical@openldap.org
Subject: Avoid unexistent user queries
From: Jordi Espasa Clofent <jespasac@minibofh.org>
Date: Thu, 20 Aug 2009 16:13:13 +0200
User-agent: Thunderbird 2.0.0.19 (X11/20090107)

Hi all,

I'm using OpenLDAP as account server. In the server I see a lot ofqueries from inexistents users in LDAP:


filter="(&(objectClass=posixGroup)(|(memberUid=ivan)(uniqueMember=uid=ivan,ou=sat,ou=tecnic,dc=cdmon,dc=com)))"
filter="(&(objectClass=posixAccount)(uidNumber=900))"
filter="(&(objectClass=posixAccount)(uid=postfix))"
filter="(&(objectClass=posixAccount)(uid=postfix))"
filter="(&(objectClass=posixAccount)(uid=postfix))"
filter="(&(objectClass=posixAccount)(uid=root))"
filter="(&(objectClass=posixAccount)(uid=root))"
filter="(&(objectClass=posixAccount)(uid=nobody))"
gidNumbercn
filter="(&(objectClass=posixAccount)(uid=postfix))"
gidNumbercn
filter="(&(objectClass=posixAccount)(uidNumber=125))"
gidNumbercn
filter="(&(objectClass=posixAccount)(uid=root))"
filter="(&(objectClass=posixAccount)(uid=xatlantax))"
gidNumbercn
filter="(&(objectClass=posixAccount)(uidNumber=900))"
gidNumbercn
filter="(&(objectClass=posixAccount)(uid=cetr))"
gidNumbercn
filter="(&(objectClass=posixAccount)(uid=root))"
filter="(&(objectClass=posixAccount)(uid=root))"
filter="(&(objectClass=posixAccount)(uidNumber=900))"
gidNumbercn
filter="(&(objectClass=posixAccount)(uid=root))"
filter="(&(objectClass=posixAccount)(uid=root))"
filter="(&(objectClass=posixAccount)(uid=root))"
filter="(&(objectClass=posixAccount)(uid=www-data))"
filter="(&(objectClass=posixAccount)(uid=www-data))"
filter="(&(objectClass=posixAccount)(uid=www-data))"
filter="(&(objectClass=posixAccount)(uid=www-data))"
filter="(&(objectClass=posixAccount)(uid=www-data))"
filter="(&(objectClass=posixAccount)(uid=www-data))"
filter="(&(objectClass=posixAccount)(uid=www-data))"
filter="(&(objectClass=posixAccount)(uid=www-data))"
filter="(&(objectClass=posixAccount)(uid=www-data))"
filter="(&(objectClass=posixAccount)(uid=www-data))"
filter="(&(objectClass=posixAccount)(uid=www-data))"
filter="(&(objectClass=posixAccount)(uid=www-data))"
filter="(&(objectClass=posixAccount)(uid=www-data))"

I don't understand why because of users as '900, postfix, root,www-data' don't exists as users in LDAP server. On the other hand, theuser 'ivan' exists and you can see the difference in the log record.


¿Where is the problem? Maybe in my /etc/nsswitch.conf of LDAP clients?

# cat /etc/nsswitch.conf
passwd:         files ldap
group:          files ldap
shadow:         files ldap

sudoers:        ldap

hosts:          files dns
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis

Taking for example the common 'www-data' user query, I see in the LDAPclient the next:


# cat /var/log/auth.log | grep apache

Aug 20 01:20:30 xen-ad0010 apache2: nss_ldap: reconnected to LDAP serverldap://192.168.10.1/Aug 20 01:20:30 xen-ad0010 apache2: nss_ldap: reconnected to LDAP serverldap://192.168.10.1/Aug 20 01:20:30 xen-ad0010 apache2: nss_ldap: reconnected to LDAP serverldap://192.168.10.1/Aug 20 01:20:30 xen-ad0010 apache2: nss_ldap: reconnected to LDAP serverldap://192.168.10.1/Aug 20 01:20:58 xen-ad0010 apache2: nss_ldap: reconnected to LDAP serverldap://192.168.10.1/Aug 20 01:21:02 xen-ad0010 apache2: nss_ldap: reconnected to LDAP serverldap://192.168.10.1/Aug 20 01:21:04 xen-ad0010 apache2: nss_ldap: reconnected to LDAP serverldap://192.168.10.1/Aug 20 01:21:04 xen-ad0010 apache2: nss_ldap: reconnected to LDAP serverldap://192.168.10.1/Aug 20 01:21:05 xen-ad0010 apache2: nss_ldap: reconnected to LDAP serverldap://192.168.10.1/Aug 20 01:21:05 xen-ad0010 apache2: nss_ldap: reconnected to LDAP serverldap://192.168.10.1/Aug 20 01:21:05 xen-ad0010 apache2: nss_ldap: reconnected to LDAP serverldap://192.168.10.1/Aug 20 01:21:05 xen-ad0010 apache2: nss_ldap: reconnected to LDAP serverldap://192.168.10.1/Aug 20 01:21:06 xen-ad0010 apache2: nss_ldap: reconnected to LDAP serverldap://192.168.10.1/Aug 20 01:21:06 xen-ad0010 apache2: nss_ldap: reconnected to LDAP serverldap://192.168.10.1/Aug 20 01:21:06 xen-ad0010 apache2: nss_ldap: reconnected to LDAP serverldap://192.168.10.1/Aug 20 01:21:06 xen-ad0010 apache2: nss_ldap: reconnected to LDAP serverldap://192.168.10.1/Aug 20 01:21:06 xen-ad0010 apache2: nss_ldap: reconnected to LDAP serverldap://192.168.10.1/Aug 20 01:21:06 xen-ad0010 apache2: nss_ldap: reconnected to LDAP serverldap://192.168.10.1/Aug 20 01:21:06 xen-ad0010 apache2: nss_ldap: reconnected to LDAP serverldap://192.168.10.1/Aug 20 01:21:06 xen-ad0010 apache2: nss_ldap: reconnected to LDAP serverldap://192.168.10.1/Aug 20 01:21:48 xen-ad0010 apache2: nss_ldap: reconnected to LDAP serverldap://192.168.10.1/Aug 20 01:21:49 xen-ad0010 apache2: nss_ldap: reconnected to LDAP serverldap://192.168.10.1/Aug 20 01:21:50 xen-ad0010 apache2: nss_ldap: reconnected to LDAP serverldap://192.168.10.1/Aug 20 01:21:50 xen-ad0010 apache2: nss_ldap: reconnected to LDAP serverldap://192.168.10.1/Aug 20 01:21:50 xen-ad0010 apache2: nss_ldap: reconnected to LDAP serverldap://192.168.10.1/Aug 20 01:21:50 xen-ad0010 apache2: nss_ldap: reconnected to LDAP serverldap://192.168.10.1/Aug 20 01:21:50 xen-ad0010 apache2: nss_ldap: reconnected to LDAP serverldap://192.168.10.1/Aug 20 01:21:59 xen-ad0010 apache2: nss_ldap: reconnected to LDAP serverldap://192.168.10.1/Aug 20 01:22:00 xen-ad0010 apache2: nss_ldap: reconnected to LDAP serverldap://192.168.10.1/Aug 20 01:22:00 xen-ad0010 apache2: nss_ldap: reconnected to LDAP serverldap://192.168.10.1/Aug 20 01:22:03 xen-ad0010 apache2: nss_ldap: reconnected to LDAP serverldap://192.168.10.1/Aug 20 01:22:05 xen-ad0010 apache2: nss_ldap: reconnected to LDAP serverldap://192.168.10.1/Aug 20 01:22:07 xen-ad0010 apache2: nss_ldap: reconnected to LDAP serverldap://192.168.10.1/Aug 20 01:22:07 xen-ad0010 apache2: nss_ldap: reconnected to LDAP serverldap://192.168.10.1/Aug 20 01:22:24 xen-ad0010 apache2: nss_ldap: reconnected to LDAP serverldap://192.168.10.1/Aug 20 01:22:24 xen-ad0010 apache2: nss_ldap: reconnected to LDAP serverldap://192.168.10.1/Aug 20 01:22:24 xen-ad0010 apache2: nss_ldap: reconnected to LDAP serverldap://192.168.10.1/Aug 20 01:22:25 xen-ad0010 apache2: nss_ldap: reconnected to LDAP serverldap://192.168.10.1/


¿Why Apache2 tries to connect to LDAP (192.168.10.1)? ¿How I can avoid it?


--
Thanks,
Jordi Espasa Clofent

Prev by Date: Re: top-level data entries not replicating, 2.4.15
Next by Date: question for some code in sasl binding
Index(es):
- Chronological
- Thread