[turba] Fwd: 500, 000 empty binds a day from horde (approximate)

Kevin Konowalec webadmin at ualberta.ca
Wed Sep 10 21:33:35 UTC 2008 

On Sep 9, 2008, at 1:31 AM, Jan Schneider wrote:

> Zitat von Kevin Konowalec <webadmin at ualberta.ca>:
>
>>
>> On Sep 8, 2008, at 8:34 PM, Chuck Hagenbuch wrote:
>>
>>> Quoting Kevin Konowalec <webadmin at ualberta.ca>:
>>>
>>>> We've got an LDAP server configured in Turba which binds  
>>>> correctly and returns results just fine.  But this seems to be  
>>>> something else.  The various machines in our horde cluster have  
>>>> been beating the heck out of our LDAP servers with empty binds.   
>>>> I can't seem to find any reason why it'd be doing that.  The  
>>>> turba configuration for legitimate connections seems to be fine  
>>>> (and it is, given I can do a LDAP search from Turba with no  
>>>> problems) but it's making all these other requests as well and I  
>>>> can't figure out why.
>>>
>>> What else do you have configured to use LDAP? Can you correlate  
>>> any user activity to the anon binds?
>>
>>
>> I took one horde front end out of the loop so I was the ONLY user  
>> on it.  We then filtered the LDAP logs to watch what happens.  When  
>> I initially log on we see a bind.  Then when I read the first  
>> message there's a bind (but oddly enough not every other time).   
>> Then there seems to be binds when I try to compose (lots of them  
>> actually). The really odd thing is that we see binds even when I'm  
>> not doing anything.  But as soon as I take our ldap server entirely  
>> out of turba's servers.php file and restart then there are zero  
>> empty bind attempts so it's 100% a horde issue.
>
> The only thing happening if not doing anything yourself is the left  
> sidebar reloading. The sidebar does contain references to all Turba  
> sources, though this is still no reason to do binds to the LDAP  
> directories. But maybe that helps to track it down.
> The Turba menu is built in turba/lib/Block/tree_menu.php. Try  
> commenting it out in config/registry.php and see if that changes  
> anything.
>
> Jan.


Yes that did it!  Whatever the turba menu was doing by firing off all  
those empty binds it's no longer doing it having commented out the  
turba_menu section of registry.php.  The drop in LDAP traffic from our  
cluster was near instantaneous and drastic.  I dunno what the purpose  
of those empty binds were but yanking turba out of the sidebar  
definitely did the trick to stop them.

An interesting sidebar...  because we were hammering the LDAP server  
so hard the admin decided to move us off the production cluster  and  
onto a dedicated LDAP box.  Being an older box it eventually crumpled  
under the load but what was really interesting is that when LDAP  
became unstable so did horde.  The sidebar wouldn't load and the  
address book functionality was broken (despite user address books  
being stored in mySQL).  As soon as I took the LDAP directory out of  
turba's sources.php everything went back to normal.

Kevin

More information about the turba mailing list