On 06/29/2015 06:34 PM, Andrew E. Bruno wrote:
On Mon, Jun 29, 2015 at 10:29:24AM -0600, Rich Megginson wrote:
On 06/29/2015 10:13 AM, Andrew E. Bruno wrote:
Our dirsrv access logs on our freeipa master server are getting flooded
with this:

[29/Jun/2015:12:02:09 -0400] conn=215758 op=1355326784 SRCH
base="cn=u2,cn=groups,cn=accounts,dc=ccr,dc=buffalo,dc=edu" scope=0
filter="(objectClass=*)" attrs="objectClass posixgroup cn userPassword
gidNumber member ipaNTSecurityIdentifier modifyTimestamp entryusn uid"

[29/Jun/2015:12:08:08 -0400] conn=215758 op=1356545457 RESULT err=0
tag=101 nentries=0 etime=0 notes=P

All from the same conn=215758. Logs get rotated every minute.

logconv.pl is showing

Searches:     265803        (3322.54/sec) (199352.25/min)

How can I figure out which ip address this query is coming from? Is
there a way to fetch the ip using the connection id? conn=215758?
grep "conn=215758 fd=" /var/log/dirsrv/slapd-INST/access*

Unfortunately, if it has been rotated away, you won't be able to get the
information from the access log.

No luck .. looks like it has been rotated away. Any other thoughts?

Is it correct to assume this is all coming from a single host? My
thinking is that if I can kill the query coming from the host that it
would solve the problem.


This is looking like bug https://fedorahosted.org/389/ticket/48192.
Because a ldap client (likely SSSD ?) keeps sending page results requests although 0 entries are returned. A condition for this is that the search has been abandonned but it is difficult to very this as the log file has rotated.

This is fixed in 6.7 and 7.1.z

Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to