[turba] Fwd: 500, 000 empty binds a day from horde (approximate)

Jan Schneider jan at horde.org
Wed Sep 10 22:01:35 UTC 2008 

Zitat von Kevin Konowalec <webadmin at ualberta.ca>:

>
> On Sep 9, 2008, at 1:31 AM, Jan Schneider wrote:
>
>> Zitat von Kevin Konowalec <webadmin at ualberta.ca>:
>>
>>>
>>> On Sep 8, 2008, at 8:34 PM, Chuck Hagenbuch wrote:
>>>
>>>> Quoting Kevin Konowalec <webadmin at ualberta.ca>:
>>>>
>>>>> We've got an LDAP server configured in Turba which binds  
>>>>> correctly and returns results just fine.  But this seems to be  
>>>>> something else.  The various machines in our horde cluster have  
>>>>> been beating the heck out of our LDAP servers with empty binds.   
>>>>> I can't seem to find any reason why it'd be doing that.  The  
>>>>> turba configuration for legitimate connections seems to be fine  
>>>>> (and it is, given I can do a LDAP search from Turba with no  
>>>>> problems) but it's making all these other requests as well and I  
>>>>> can't figure out why.
>>>>
>>>> What else do you have configured to use LDAP? Can you correlate  
>>>> any user activity to the anon binds?
>>>
>>>
>>> I took one horde front end out of the loop so I was the ONLY user  
>>> on it.  We then filtered the LDAP logs to watch what happens.   
>>> When I initially log on we see a bind.  Then when I read the first  
>>> message there's a bind (but oddly enough not every other time).   
>>> Then there seems to be binds when I try to compose (lots of them  
>>> actually). The really odd thing is that we see binds even when I'm  
>>> not doing anything.  But as soon as I take our ldap server  
>>> entirely out of turba's servers.php file and restart then there  
>>> are zero empty bind attempts so it's 100% a horde issue.
>>
>> The only thing happening if not doing anything yourself is the left  
>> sidebar reloading. The sidebar does contain references to all Turba  
>> sources, though this is still no reason to do binds to the LDAP  
>> directories. But maybe that helps to track it down.
>> The Turba menu is built in turba/lib/Block/tree_menu.php. Try  
>> commenting it out in config/registry.php and see if that changes  
>> anything.
>>
>> Jan.
>
>
> Yes that did it!  Whatever the turba menu was doing by firing off  
> all those empty binds it's no longer doing it having commented out  
> the turba_menu section of registry.php.  The drop in LDAP traffic  
> from our cluster was near instantaneous and drastic.  I dunno what  
> the purpose of those empty binds were but yanking turba out of the  
> sidebar definitely did the trick to stop them.

Looking at the code, this is what happens: during the listing of  
address books, each address books source is instantiated with a  
Turba_Driver object. Basically to do some permission checks on the  
driver.

But, when we call the driver factory, some initialization method is  
called in the driver, and in the case of an LDAP driver, this method  
is connecting to the server. This should probably be fixed.

Jan.

-- 
Do you need professional PHP or Horde consulting?
http://horde.org/consulting/

More information about the turba mailing list