
Avoid nonexistent user queries



Hi all,

I'm using OpenLDAP as an account server. On the server I see a lot of queries from nonexistent users in LDAP:

filter="(&(objectClass=posixGroup)(|(memberUid=ivan)(uniqueMember=uid=ivan,ou=sat,ou=tecnic,dc=cdmon,dc=com)))"
filter="(&(objectClass=posixAccount)(uidNumber=900))"
filter="(&(objectClass=posixAccount)(uid=postfix))"
filter="(&(objectClass=posixAccount)(uid=postfix))"
filter="(&(objectClass=posixAccount)(uid=postfix))"
filter="(&(objectClass=posixAccount)(uid=root))"
filter="(&(objectClass=posixAccount)(uid=root))"
filter="(&(objectClass=posixAccount)(uid=nobody))"
gidNumbercn
filter="(&(objectClass=posixAccount)(uid=postfix))"
gidNumbercn
filter="(&(objectClass=posixAccount)(uidNumber=125))"
gidNumbercn
filter="(&(objectClass=posixAccount)(uid=root))"
filter="(&(objectClass=posixAccount)(uid=xatlantax))"
gidNumbercn
filter="(&(objectClass=posixAccount)(uidNumber=900))"
gidNumbercn
filter="(&(objectClass=posixAccount)(uid=cetr))"
gidNumbercn
filter="(&(objectClass=posixAccount)(uid=root))"
filter="(&(objectClass=posixAccount)(uid=root))"
filter="(&(objectClass=posixAccount)(uidNumber=900))"
gidNumbercn
filter="(&(objectClass=posixAccount)(uid=root))"
filter="(&(objectClass=posixAccount)(uid=root))"
filter="(&(objectClass=posixAccount)(uid=root))"
filter="(&(objectClass=posixAccount)(uid=www-data))"
filter="(&(objectClass=posixAccount)(uid=www-data))"
filter="(&(objectClass=posixAccount)(uid=www-data))"
filter="(&(objectClass=posixAccount)(uid=www-data))"
filter="(&(objectClass=posixAccount)(uid=www-data))"
filter="(&(objectClass=posixAccount)(uid=www-data))"
filter="(&(objectClass=posixAccount)(uid=www-data))"
filter="(&(objectClass=posixAccount)(uid=www-data))"
filter="(&(objectClass=posixAccount)(uid=www-data))"
filter="(&(objectClass=posixAccount)(uid=www-data))"
filter="(&(objectClass=posixAccount)(uid=www-data))"
filter="(&(objectClass=posixAccount)(uid=www-data))"
filter="(&(objectClass=posixAccount)(uid=www-data))"

I don't understand why, because users such as '900, postfix, root, www-data' don't exist as users in the LDAP server. On the other hand, the user 'ivan' exists and you can see the difference in the log record.

Where is the problem? Maybe in my /etc/nsswitch.conf of the LDAP clients?

# cat /etc/nsswitch.conf
passwd:         files ldap
group:          files ldap
shadow:         files ldap

sudoers:        ldap

hosts:          files dns
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis

Taking for example the common 'www-data' user query, I see the following on the LDAP client:

# cat /var/log/auth.log | grep apache
Aug 20 01:20:30 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server ldap://192.168.10.1/ Aug 20 01:20:30 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server ldap://192.168.10.1/ Aug 20 01:20:30 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server ldap://192.168.10.1/ Aug 20 01:20:30 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server ldap://192.168.10.1/ Aug 20 01:20:58 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server ldap://192.168.10.1/ Aug 20 01:21:02 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server ldap://192.168.10.1/ Aug 20 01:21:04 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server ldap://192.168.10.1/ Aug 20 01:21:04 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server ldap://192.168.10.1/ Aug 20 01:21:05 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server ldap://192.168.10.1/ Aug 20 01:21:05 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server ldap://192.168.10.1/ Aug 20 01:21:05 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server ldap://192.168.10.1/ Aug 20 01:21:05 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server ldap://192.168.10.1/ Aug 20 01:21:06 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server ldap://192.168.10.1/ Aug 20 01:21:06 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server ldap://192.168.10.1/ Aug 20 01:21:06 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server ldap://192.168.10.1/ Aug 20 01:21:06 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server ldap://192.168.10.1/ Aug 20 01:21:06 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server ldap://192.168.10.1/ Aug 20 01:21:06 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server ldap://192.168.10.1/ Aug 20 01:21:06 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server ldap://192.168.10.1/ Aug 20 01:21:06 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server ldap://192.168.10.1/ Aug 20 01:21:48 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server ldap://192.168.10.1/ Aug 20 01:21:49 
xen-ad0010 apache2: nss_ldap: reconnected to LDAP server ldap://192.168.10.1/ Aug 20 01:21:50 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server ldap://192.168.10.1/ Aug 20 01:21:50 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server ldap://192.168.10.1/ Aug 20 01:21:50 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server ldap://192.168.10.1/ Aug 20 01:21:50 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server ldap://192.168.10.1/ Aug 20 01:21:50 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server ldap://192.168.10.1/ Aug 20 01:21:59 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server ldap://192.168.10.1/ Aug 20 01:22:00 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server ldap://192.168.10.1/ Aug 20 01:22:00 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server ldap://192.168.10.1/ Aug 20 01:22:03 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server ldap://192.168.10.1/ Aug 20 01:22:05 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server ldap://192.168.10.1/ Aug 20 01:22:07 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server ldap://192.168.10.1/ Aug 20 01:22:07 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server ldap://192.168.10.1/ Aug 20 01:22:24 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server ldap://192.168.10.1/ Aug 20 01:22:24 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server ldap://192.168.10.1/ Aug 20 01:22:24 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server ldap://192.168.10.1/ Aug 20 01:22:25 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server ldap://192.168.10.1/

Why does Apache2 try to connect to LDAP (192.168.10.1)? How can I avoid it?


--
Thanks,
Jordi Espasa Clofent