Avoid unexistent user queries - openldap-technical

20 Aug 2009


      Hi all,
I'm using OpenLDAP as account server.  In the server I see a lot of 
queries from inexistents users in LDAP:
filter="(&(objectClass=posixGroup)(|(memberUid=ivan)(uniqueMember=uid=ivan,ou=sat,ou=tecnic,dc=cdmon,dc=com)))"
filter="(&(objectClass=posixAccount)(uidNumber=900))"
filter="(&(objectClass=posixAccount)(uid=postfix))"
filter="(&(objectClass=posixAccount)(uid=postfix))"
filter="(&(objectClass=posixAccount)(uid=postfix))"
filter="(&(objectClass=posixAccount)(uid=root))"
filter="(&(objectClass=posixAccount)(uid=root))"
filter="(&(objectClass=posixAccount)(uid=nobody))"
gidNumbercn
filter="(&(objectClass=posixAccount)(uid=postfix))"
gidNumbercn
filter="(&(objectClass=posixAccount)(uidNumber=125))"
gidNumbercn
filter="(&(objectClass=posixAccount)(uid=root))"
filter="(&(objectClass=posixAccount)(uid=xatlantax))"
gidNumbercn
filter="(&(objectClass=posixAccount)(uidNumber=900))"
gidNumbercn
filter="(&(objectClass=posixAccount)(uid=cetr))"
gidNumbercn
filter="(&(objectClass=posixAccount)(uid=root))"
filter="(&(objectClass=posixAccount)(uid=root))"
filter="(&(objectClass=posixAccount)(uidNumber=900))"
gidNumbercn
filter="(&(objectClass=posixAccount)(uid=root))"
filter="(&(objectClass=posixAccount)(uid=root))"
filter="(&(objectClass=posixAccount)(uid=root))"
filter="(&(objectClass=posixAccount)(uid=www-data))"
filter="(&(objectClass=posixAccount)(uid=www-data))"
filter="(&(objectClass=posixAccount)(uid=www-data))"
filter="(&(objectClass=posixAccount)(uid=www-data))"
filter="(&(objectClass=posixAccount)(uid=www-data))"
filter="(&(objectClass=posixAccount)(uid=www-data))"
filter="(&(objectClass=posixAccount)(uid=www-data))"
filter="(&(objectClass=posixAccount)(uid=www-data))"
filter="(&(objectClass=posixAccount)(uid=www-data))"
filter="(&(objectClass=posixAccount)(uid=www-data))"
filter="(&(objectClass=posixAccount)(uid=www-data))"
filter="(&(objectClass=posixAccount)(uid=www-data))"
filter="(&(objectClass=posixAccount)(uid=www-data))"
I don't understand why because of users as '900, postfix, root, 
www-data' don't exists as users in LDAP server. On the other hand, the 
user 'ivan' exists and you can see the difference in the log record.
¿Where is the problem? Maybe in my /etc/nsswitch.conf of LDAP clients?
# cat /etc/nsswitch.conf
passwd:         files ldap
group:          files ldap
shadow:         files ldap
sudoers:        ldap
hosts:          files dns
networks:       files
protocols:      db files
services:       db files
ethers:         db files
rpc:            db files
netgroup:       nis
Taking for example the common 'www-data' user query, I see in the LDAP 
client the next:
# cat /var/log/auth.log | grep apache
Aug 20 01:20:30 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server 
ldap://192.168.10.1/
Aug 20 01:20:30 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server 
ldap://192.168.10.1/
Aug 20 01:20:30 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server 
ldap://192.168.10.1/
Aug 20 01:20:30 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server 
ldap://192.168.10.1/
Aug 20 01:20:58 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server 
ldap://192.168.10.1/
Aug 20 01:21:02 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server 
ldap://192.168.10.1/
Aug 20 01:21:04 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server 
ldap://192.168.10.1/
Aug 20 01:21:04 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server 
ldap://192.168.10.1/
Aug 20 01:21:05 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server 
ldap://192.168.10.1/
Aug 20 01:21:05 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server 
ldap://192.168.10.1/
Aug 20 01:21:05 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server 
ldap://192.168.10.1/
Aug 20 01:21:05 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server 
ldap://192.168.10.1/
Aug 20 01:21:06 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server 
ldap://192.168.10.1/
Aug 20 01:21:06 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server 
ldap://192.168.10.1/
Aug 20 01:21:06 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server 
ldap://192.168.10.1/
Aug 20 01:21:06 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server 
ldap://192.168.10.1/
Aug 20 01:21:06 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server 
ldap://192.168.10.1/
Aug 20 01:21:06 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server 
ldap://192.168.10.1/
Aug 20 01:21:06 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server 
ldap://192.168.10.1/
Aug 20 01:21:06 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server 
ldap://192.168.10.1/
Aug 20 01:21:48 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server 
ldap://192.168.10.1/
Aug 20 01:21:49 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server 
ldap://192.168.10.1/
Aug 20 01:21:50 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server 
ldap://192.168.10.1/
Aug 20 01:21:50 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server 
ldap://192.168.10.1/
Aug 20 01:21:50 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server 
ldap://192.168.10.1/
Aug 20 01:21:50 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server 
ldap://192.168.10.1/
Aug 20 01:21:50 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server 
ldap://192.168.10.1/
Aug 20 01:21:59 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server 
ldap://192.168.10.1/
Aug 20 01:22:00 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server 
ldap://192.168.10.1/
Aug 20 01:22:00 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server 
ldap://192.168.10.1/
Aug 20 01:22:03 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server 
ldap://192.168.10.1/
Aug 20 01:22:05 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server 
ldap://192.168.10.1/
Aug 20 01:22:07 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server 
ldap://192.168.10.1/
Aug 20 01:22:07 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server 
ldap://192.168.10.1/
Aug 20 01:22:24 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server 
ldap://192.168.10.1/
Aug 20 01:22:24 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server 
ldap://192.168.10.1/
Aug 20 01:22:24 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server 
ldap://192.168.10.1/
Aug 20 01:22:25 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server 
ldap://192.168.10.1/
¿Why Apache2 tries to connect to LDAP (192.168.10.1)? ¿How I can avoid it?
-- 
Thanks,
Jordi Espasa Clofent