[turba] Fwd: 500,000 empty binds a day from horde (approximate)
Kevin Konowalec
webadmin at ualberta.ca
Mon Sep 8 21:41:56 UTC 2008
Has anyone seen this kind of behavior before?
Begin forwarded message:
>
> why?
>
>
> # grep 11033182 /var/log/ldap.log
> Sep 7 18:27:48 ldapcluster4 slapd[30038]: conn=11033182 fd=42
> ACCEPT from IP=xxx.xxx.xxx.xxx:42243 (IP=0.0.0.0:389)
> Sep 7 18:27:48 ldapcluster4 slapd[30038]: conn=11033182 op=0 BIND
> dn="" method=128
> Sep 7 18:27:48 ldapcluster4 slapd[30038]: conn=11033182 op=0 RESULT
> tag=97 err=0 text=
> Sep 7 18:27:49 ldapcluster4 slapd[30038]: conn=11033182 op=1 UNBIND
> Sep 7 18:27:49 ldapcluster4 slapd[30038]: conn=11033182 fd=42 closed
We've got an LDAP server configured in Turba which binds correctly and
returns results just fine. But this seems to be something else. The
various machines in our horde cluster have been beating the heck out
of our LDAP servers with empty binds. I can't seem to find any reason
why it'd be doing that. The turba configuration for legitimate
connections seems to be fine (and it is, given I can do a LDAP search
from Turba with no problems) but it's making all these other requests
as well and I can't figure out why.
Our LDAP admin has had to block us from using the service until we get
this figured out. Getting 30+ empty binds per second is causing a lot
of problems. I'm beginning to wonder if there's something on every
page read or something that is trying to bind to LDAP for some weird
reason. We have a high-water mark of around 6000 logins per hour at
this time of year and a top end limit of about 80,000 total logs per
day... but that doesn't account for half a million ldap queries per
day from horde boxen.
On a side note... might I suggest changing imp's address completion to
only kick in after 3 characters typed minimum? There's no good reason
to be hitting LDAP with queries like "a" or "sm" - especially with
over 100,000 entries. The number of results returned is so large it's
not even close to useful.
Thanks
K
More information about the turba
mailing list