Re: Open socket not connected to any real process

2018-03-08 Thread Sven Hartge
Roberto C. Sánchez wrote:
> On Wed, Mar 07, 2018 at 11:08:05PM +0100, Sven Hartge wrote:
 
>> This is why you use libpam-ldapd (instead of libpam-ldap) in
>> combination with libnss-ldapd (instead of libnss-ldap).
>> 
>> Its design with a separate daemon (nslcd) doing the actual LDAP
>> connection is far superior compared to the original lib*-ldap code.
>> 
>> It also means that libldap itself is only mapped into the central
>> server process and not into every process on the system. 
 
> Personally, I found sssd (along with libpam-sss and libnss-sss) to be
> much better behaved.

Yes, also a very valid alternative, much more so, if Active Directory is
involved.

Regards,
Sven.

-- 
Sigmentation fault. Core dumped.



Re: Open socket not connected to any real process

2018-03-07 Thread Roberto C. Sánchez
On Wed, Mar 07, 2018 at 11:08:05PM +0100, Sven Hartge wrote:
> 
> This is why you use libpam-ldapd (instead of libpam-ldap) in combination
> with libnss-ldapd (instead of libnss-ldap).
> 
> Its design with a separate daemon (nslcd) doing the actual LDAP
> connection is far superior compared to the original lib*-ldap code.
> 
> It also means that libldap itself is only mapped into the central
> server process and not into every process on the system. 
> 
Personally, I found sssd (along with libpam-sss and libnss-sss) to be
much better behaved.

Regards,

-Roberto

-- 
Roberto C. Sánchez



Re: Open socket not connected to any real process

2018-03-07 Thread Sven Hartge
David Parker wrote:

> Well, crap.  It turns out this isn't a problem.  PAM is configured for
> LDAP authentication and so it opens a connection each time I log in,
> owned by my sshd process, even though it's not using LDAP
> authentication for root.  And the other LDAP queries I'm seeing are
> being sent when users authenticate via sendmail.  Case closed!

This is why you use libpam-ldapd (instead of libpam-ldap) in combination
with libnss-ldapd (instead of libnss-ldap).

Its design with a separate daemon (nslcd) doing the actual LDAP
connection is far superior compared to the original lib*-ldap code.

It also means that libldap itself is only mapped into the central
server process and not into every process on the system. 

Regards,
Sven

-- 
Sigmentation fault. Core dumped.



Re: Open socket not connected to any real process

2018-03-07 Thread David Parker
Well, crap.  It turns out this isn't a problem.  PAM is configured for LDAP
authentication and so it opens a connection each time I log in, owned by my
sshd process, even though it's not using LDAP authentication for root.  And
the other LDAP queries I'm seeing are being sent when users authenticate
via sendmail.  Case closed!

On Wed, Mar 7, 2018 at 4:16 PM, David Parker  wrote:

> Hello,
>
> I have an SMTP server running Debian Wheezy (64-bit).  A few weeks ago, I
> stopped nscd on it, because it was holding a connection open to our LDAP
> server and sending a ton of unnecessary queries to it.
>
> Even though nscd is not running, I am once again seeing nscd-type queries
> on the LDAP server from this SMTP server, and a connection is open from the
> SMTP server.  But I can't seem to figure out what process is using that
> connection.  Every time I check using netstat or lsof, it just reports that
> the socket is owned by my current sshd process.
>
> An example:
>
> root@smtp:~# netstat -anp | grep 389
> tcp0  0 :58786   :389ESTABLISHED
> *10249/0*
>
> root@smtp:~# lsof -n -i :389
> COMMAND   PID USER   FD   TYPE   DEVICE SIZE/OFF NODE NAME
> sshd*10249 root*4w  IPv4 86936230  0t0  TCP
> :58786->:ldap (ESTABLISHED)
>
> root@smtp:~# ps -ef | grep 10249
> *root 10249 17111  0 15:49 ?00:00:00 sshd: root@pts/0*
> root 10251 10249  0 15:50 pts/000:00:00 -bash
> root 10286 10251  0 15:54 pts/000:00:00 grep 10249
>
> So I log out and back in, and the PID for this socket changes to my new
> sshd process:
>
> root@smtp:~# netstat -anp | grep 389
> tcp0  0 :58798   :389ESTABLISHED
> *10288/0*
>
> root@smtp:~# lsof -n -i :389
> COMMAND   PID USER   FD   TYPE   DEVICE SIZE/OFF NODE NAME
> sshd*10288 root*4w  IPv4 86936319  0t0  TCP
> :58798->:ldap (ESTABLISHED)
>
> root@smtp:~# ps -ef | grep 10288
> *root 10288 17111  0 15:54 ?00:00:00 sshd: root@pts/0*
> root 10290 10288  0 15:54 pts/000:00:00 -bash
> root 10304 10290  0 15:55 pts/000:00:00 grep 10288
>
> And all the while, LDAP queries continue to be sent over this connection.
> Does anyone have any idea why I can't seem to track down the real process
> which is holding this socket open?
>
> Thanks!
> Dave
>
> --
> Dave Parker '11
> Database & Systems Administrator
> Utica College
> Integrated Information Technology Services
> (315) 792-3229
> Registered Linux User #408177
>



-- 
Dave Parker '11
Database & Systems Administrator
Utica College
Integrated Information Technology Services
(315) 792-3229
Registered Linux User #408177


Open socket not connected to any real process

2018-03-07 Thread David Parker
Hello,

I have an SMTP server running Debian Wheezy (64-bit).  A few weeks ago, I
stopped nscd on it, because it was holding a connection open to our LDAP
server and sending a ton of unnecessary queries to it.

Even though nscd is not running, I am once again seeing nscd-type queries
on the LDAP server from this SMTP server, and a connection is open from the
SMTP server.  But I can't seem to figure out what process is using that
connection.  Every time I check using netstat or lsof, it just reports that
the socket is owned by my current sshd process.

An example:

root@smtp:~# netstat -anp | grep 389
tcp0  0 :58786   :389ESTABLISHED *10249/0*

root@smtp:~# lsof -n -i :389
COMMAND   PID USER   FD   TYPE   DEVICE SIZE/OFF NODE NAME
sshd*10249 root*4w  IPv4 86936230  0t0  TCP
:58786->:ldap (ESTABLISHED)

root@smtp:~# ps -ef | grep 10249
*root 10249 17111  0 15:49 ?00:00:00 sshd: root@pts/0*
root 10251 10249  0 15:50 pts/000:00:00 -bash
root 10286 10251  0 15:54 pts/000:00:00 grep 10249

So I log out and back in, and the PID for this socket changes to my new
sshd process:

root@smtp:~# netstat -anp | grep 389
tcp0  0 :58798   :389ESTABLISHED *10288/0*

root@smtp:~# lsof -n -i :389
COMMAND   PID USER   FD   TYPE   DEVICE SIZE/OFF NODE NAME
sshd*10288 root*4w  IPv4 86936319  0t0  TCP
:58798->:ldap (ESTABLISHED)

root@smtp:~# ps -ef | grep 10288
*root 10288 17111  0 15:54 ?00:00:00 sshd: root@pts/0*
root 10290 10288  0 15:54 pts/000:00:00 -bash
root 10304 10290  0 15:55 pts/000:00:00 grep 10288

And all the while, LDAP queries continue to be sent over this connection.
Does anyone have any idea why I can't seem to track down the real process
which is holding this socket open?

Thanks!
Dave

-- 
Dave Parker '11
Database & Systems Administrator
Utica College
Integrated Information Technology Services
(315) 792-3229
Registered Linux User #408177
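As an added example (not code from any of the posts above), the following Python does by hand what netstat -p and lsof -i did in Dave's transcript and then checks the point Sven makes about nslcd: it decodes /proc/net/tcp, finds ESTABLISHED connections to port 389, maps the socket inode to PIDs through /proc/*/fd, and looks in /proc/<pid>/maps for libldap, which with lib*-ldap appears in the authenticating sshd itself rather than in a single daemon. The /proc/net/tcp excerpt is constructed, and the little-endian decoding of the hex addresses is an assumption about the host.

```python
import os
import socket
import struct

def decode_v4(hexaddr):
    # '0500000A:E5A2' -> ('10.0.0.5', 58786): the kernel prints the IPv4 address as
    # one 32-bit word in host byte order (a little-endian host is assumed here).
    ip_hex, port_hex = hexaddr.split(":")
    return socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16))), int(port_hex, 16)

def ldap_sockets(proc_net_tcp_text, port=389):
    # [(local, remote, inode)] for ESTABLISHED (state 01) sockets to the remote LDAP port.
    found = []
    for line in proc_net_tcp_text.splitlines()[1:]:          # first row is the header
        fields = line.split()
        if len(fields) < 10:
            continue
        local, remote = decode_v4(fields[1]), decode_v4(fields[2])
        if fields[3] == "01" and remote[1] == port:
            found.append((local, remote, int(fields[9])))
    return found

def owners_of_inode(inode, proc="/proc"):
    # Scan /proc/*/fd for 'socket:[inode]' links, the same lookup netstat -p and lsof
    # perform: the sshd that loaded pam_ldap really does own the descriptor.
    target, pids = "socket:[%d]" % inode, []
    for pid in filter(str.isdigit, os.listdir(proc)):
        fd_dir = os.path.join(proc, pid, "fd")
        try:
            links = [os.readlink(os.path.join(fd_dir, fd)) for fd in os.listdir(fd_dir)]
        except OSError:                                      # exited, or not ours to read
            continue
        if target in links:
            pids.append(int(pid))
    return pids

def has_libldap_mapped(pid, proc="/proc"):
    # With lib*-ldap every authenticating daemon maps libldap; with nslcd or sssd only
    # the one daemon should, so a hit here on sshd points at the in-process PAM module.
    try:
        with open(os.path.join(proc, str(pid), "maps")) as maps:
            return any("libldap" in line for line in maps)
    except OSError:
        return False
# Constructed /proc/net/tcp excerpt (not from the thread): row 0 is 10.0.0.5:58786 ->
# 10.0.0.10:389 with inode 86936230; row 1 is an unrelated inbound ssh session.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0500000A:E5A2 0A00000A:0185 01 00000000:00000000 00:00000000 00000000     0        0 86936230 1 0000000000000000 20 4 30 10 -1
   1: 0500000A:0016 6400000A:C3F1 01 00000000:00000000 00:00000000 00000000     0        0 86936100 1 0000000000000000 20 4 30 10 -1
"""
```

On a live host, `[owners_of_inode(i) for _, _, i in ldap_sockets(open("/proc/net/tcp").read())]` gives the PIDs, and `has_libldap_mapped(pid)` on each tells you whether the LDAP client library lives in that process or in a separate daemon.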