Hi all,
I'm using OpenLDAP as an account server. On the server I see a lot of queries for users that do not exist in LDAP:
filter="(&(objectClass=posixGroup)(|(memberUid=ivan)(uniqueMember=uid=ivan,ou=sat,ou=tecnic,dc=cdmon,dc=com)))"
filter="(&(objectClass=posixAccount)(uidNumber=900))"
filter="(&(objectClass=posixAccount)(uid=postfix))"
filter="(&(objectClass=posixAccount)(uid=postfix))"
filter="(&(objectClass=posixAccount)(uid=postfix))"
filter="(&(objectClass=posixAccount)(uid=root))"
filter="(&(objectClass=posixAccount)(uid=root))"
filter="(&(objectClass=posixAccount)(uid=nobody))"
gidNumbercn
filter="(&(objectClass=posixAccount)(uid=postfix))"
gidNumbercn
filter="(&(objectClass=posixAccount)(uidNumber=125))"
gidNumbercn
filter="(&(objectClass=posixAccount)(uid=root))"
filter="(&(objectClass=posixAccount)(uid=xatlantax))"
gidNumbercn
filter="(&(objectClass=posixAccount)(uidNumber=900))"
gidNumbercn
filter="(&(objectClass=posixAccount)(uid=cetr))"
gidNumbercn
filter="(&(objectClass=posixAccount)(uid=root))"
filter="(&(objectClass=posixAccount)(uid=root))"
filter="(&(objectClass=posixAccount)(uidNumber=900))"
gidNumbercn
filter="(&(objectClass=posixAccount)(uid=root))"
filter="(&(objectClass=posixAccount)(uid=root))"
filter="(&(objectClass=posixAccount)(uid=root))"
filter="(&(objectClass=posixAccount)(uid=www-data))"
filter="(&(objectClass=posixAccount)(uid=www-data))"
filter="(&(objectClass=posixAccount)(uid=www-data))"
filter="(&(objectClass=posixAccount)(uid=www-data))"
filter="(&(objectClass=posixAccount)(uid=www-data))"
filter="(&(objectClass=posixAccount)(uid=www-data))"
filter="(&(objectClass=posixAccount)(uid=www-data))"
filter="(&(objectClass=posixAccount)(uid=www-data))"
filter="(&(objectClass=posixAccount)(uid=www-data))"
filter="(&(objectClass=posixAccount)(uid=www-data))"
filter="(&(objectClass=posixAccount)(uid=www-data))"
filter="(&(objectClass=posixAccount)(uid=www-data))"
filter="(&(objectClass=posixAccount)(uid=www-data))"
I don't understand why, because users such as '900, postfix, root, www-data' don't exist as users in the LDAP server. On the other hand, the user 'ivan' exists and you can see the difference in the log record.
Where is the problem? Maybe in the /etc/nsswitch.conf of my LDAP clients?
# cat /etc/nsswitch.conf
passwd: files ldap
group: files ldap
shadow: files ldap
sudoers: ldap
hosts: files dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
Taking the common 'www-data' user query as an example, I see the following on the LDAP client:
# cat /var/log/auth.log | grep apache
Aug 20 01:20:30 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server ldap://192.168.10.1/
Aug 20 01:20:30 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server ldap://192.168.10.1/
Aug 20 01:20:30 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server ldap://192.168.10.1/
Aug 20 01:20:30 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server ldap://192.168.10.1/
Aug 20 01:20:58 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server ldap://192.168.10.1/
Aug 20 01:21:02 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server ldap://192.168.10.1/
Aug 20 01:21:04 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server ldap://192.168.10.1/
Aug 20 01:21:04 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server ldap://192.168.10.1/
Aug 20 01:21:05 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server ldap://192.168.10.1/
Aug 20 01:21:05 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server ldap://192.168.10.1/
Aug 20 01:21:05 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server ldap://192.168.10.1/
Aug 20 01:21:05 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server ldap://192.168.10.1/
Aug 20 01:21:06 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server ldap://192.168.10.1/
Aug 20 01:21:06 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server ldap://192.168.10.1/
Aug 20 01:21:06 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server ldap://192.168.10.1/
Aug 20 01:21:06 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server ldap://192.168.10.1/
Aug 20 01:21:06 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server ldap://192.168.10.1/
Aug 20 01:21:06 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server ldap://192.168.10.1/
Aug 20 01:21:06 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server ldap://192.168.10.1/
Aug 20 01:21:06 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server ldap://192.168.10.1/
Aug 20 01:21:48 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server ldap://192.168.10.1/
Aug 20 01:21:49 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server ldap://192.168.10.1/
Aug 20 01:21:50 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server ldap://192.168.10.1/
Aug 20 01:21:50 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server ldap://192.168.10.1/
Aug 20 01:21:50 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server ldap://192.168.10.1/
Aug 20 01:21:50 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server ldap://192.168.10.1/
Aug 20 01:21:50 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server ldap://192.168.10.1/
Aug 20 01:21:59 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server ldap://192.168.10.1/
Aug 20 01:22:00 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server ldap://192.168.10.1/
Aug 20 01:22:00 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server ldap://192.168.10.1/
Aug 20 01:22:03 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server ldap://192.168.10.1/
Aug 20 01:22:05 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server ldap://192.168.10.1/
Aug 20 01:22:07 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server ldap://192.168.10.1/
Aug 20 01:22:07 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server ldap://192.168.10.1/
Aug 20 01:22:24 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server ldap://192.168.10.1/
Aug 20 01:22:24 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server ldap://192.168.10.1/
Aug 20 01:22:24 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server ldap://192.168.10.1/
Aug 20 01:22:25 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server ldap://192.168.10.1/
Why does Apache2 try to connect to LDAP (192.168.10.1)? How can I avoid it?
openldap-technical@openldap.org