[turba] Fwd: 500,000 empty binds a day from horde (approximate)

Kevin Konowalec webadmin at ualberta.ca
Mon Sep 8 21:41:56 UTC 2008


Has anyone seen this kind of behavior before?

Begin forwarded message:
>
> why?
>
>
> # grep 11033182 /var/log/ldap.log
> Sep  7 18:27:48 ldapcluster4 slapd[30038]: conn=11033182 fd=42  
> ACCEPT from IP=xxx.xxx.xxx.xxx:42243 (IP=0.0.0.0:389)
> Sep  7 18:27:48 ldapcluster4 slapd[30038]: conn=11033182 op=0 BIND  
> dn="" method=128
> Sep  7 18:27:48 ldapcluster4 slapd[30038]: conn=11033182 op=0 RESULT  
> tag=97 err=0 text=
> Sep  7 18:27:49 ldapcluster4 slapd[30038]: conn=11033182 op=1 UNBIND
> Sep  7 18:27:49 ldapcluster4 slapd[30038]: conn=11033182 fd=42 closed



We've got an LDAP server configured in Turba which binds correctly and  
returns results just fine.  But this seems to be something else.  The  
various machines in our horde cluster have been beating the heck out  
of our LDAP servers with empty binds.  I can't seem to find any reason  
why it'd be doing that.  The turba configuration for legitimate  
connections seems to be fine (and it is, given I can do a LDAP search  
from Turba with no problems) but it's making all these other requests  
as well and I can't figure out why.

Our LDAP admin has had to block us from using the service until we get  
this figured out.  Getting 30+ empty binds per second is causing a lot  
of problems.  I'm beginning to wonder if there's something on every  
page read or something that is trying to bind to LDAP for some weird  
reason.  We have a high-water mark of around 6000 logins per hour at  
this time of year and a top end limit of about 80,000 total logs per  
day... but that doesn't account for half a million ldap queries per  
day from horde boxen.

On a side note... might I suggest changing imp's address completion to  
only kick in after 3 characters typed minimum?  There's no good reason  
to be hitting LDAP with queries like "a" or "sm" - especially with  
over 100,000 entries.  The number of results returned is so large it's  
not even close to useful.

Thanks

K






More information about the turba mailing list