top, www-data and other using LDAP?

To: debian-user@lists.debian.org
Subject: top, www-data and other using LDAP?
From: Jordi Espasa Clofent <jespasac@minibofh.org>
Date: Thu, 20 Aug 2009 18:46:43 +0200
Message-id: <[🔎] 4A8D7DF3.5010502@minibofh.org>

Hi all,

In /var/log/auth.log I see a lot of LDAP connections attemps:

Aug 20 11:00:07 xen-ad0010 top: nss_ldap: reconnected to LDAP serverldap://192.168.10.1/Aug 20 11:00:07 xen-ad0010 top: nss_ldap: reconnected to LDAP serverldap://192.168.10.1/Aug 20 11:00:08 xen-ad0010 top: nss_ldap: reconnected to LDAP serverldap://192.168.10.1/Aug 20 11:00:09 xen-ad0010 top: nss_ldap: reconnected to LDAP serverldap://192.168.10.1/Aug 20 11:00:10 xen-ad0010 top: nss_ldap: reconnected to LDAP serverldap://192.168.10.1/Aug 20 11:00:11 xen-ad0010 top: nss_ldap: reconnected to LDAP serverldap://192.168.10.1/Aug 20 11:05:03 xen-ad0010 top: nss_ldap: reconnected to LDAP serverldap://192.168.10.1/Aug 20 11:05:03 xen-ad0010 top: nss_ldap: reconnected to LDAP serverldap://192.168.10.1/Aug 20 11:05:05 xen-ad0010 top: nss_ldap: reconnected to LDAP serverldap://192.168.10.1/Aug 20 11:05:06 xen-ad0010 top: nss_ldap: reconnected to LDAP serverldap://192.168.10.1/Aug 20 11:05:07 xen-ad0010 top: nss_ldap: reconnected to LDAP serverldap://192.168.10.1/Aug 20 11:05:08 xen-ad0010 top: nss_ldap: reconnected to LDAP serverldap://192.168.10.1/Aug 20 11:05:09 xen-ad0010 top: nss_ldap: reconnected to LDAP serverldap://192.168.10.1/

(...)

Aug 20 00:45:27 xen-ad0010 apache2: nss_ldap: reconnected to LDAP serverldap://192.168.10.1/Aug 20 00:45:28 xen-ad0010 apache2: nss_ldap: reconnected to LDAP serverldap://192.168.10.1/Aug 20 00:45:28 xen-ad0010 apache2: nss_ldap: reconnected to LDAP serverldap://192.168.10.1/Aug 20 00:46:11 xen-ad0010 apache2: nss_ldap: reconnected to LDAP serverldap://192.168.10.1/Aug 20 00:46:15 xen-ad0010 apache2: nss_ldap: reconnected to LDAP serverldap://192.168.10.1/Aug 20 00:46:16 xen-ad0010 apache2: nss_ldap: reconnected to LDAP serverldap://192.168.10.1/Aug 20 00:46:16 xen-ad0010 apache2: nss_ldap: reconnected to LDAP serverldap://192.168.10.1/Aug 20 00:46:17 xen-ad0010 apache2: nss_ldap: reconnected to LDAP serverldap://192.168.10.1/Aug 20 00:46:17 xen-ad0010 apache2: nss_ldap: reconnected to LDAP serverldap://192.168.10.1/Aug 20 00:46:17 xen-ad0010 apache2: nss_ldap: reconnected to LDAP serverldap://192.168.10.1/Aug 20 00:46:17 xen-ad0010 apache2: nss_ldap: reconnected to LDAP serverldap://192.168.10.1/Aug 20 00:46:21 xen-ad0010 apache2: nss_ldap: reconnected to LDAP serverldap://192.168.10.1/Aug 20 00:46:22 xen-ad0010 apache2: nss_ldap: reconnected to LDAP serverldap://192.168.10.1/Aug 20 00:46:22 xen-ad0010 apache2: nss_ldap: reconnected to LDAP serverldap://192.168.10.1/Aug 20 00:46:55 xen-ad0010 apache2: nss_ldap: reconnected to LDAP serverldap://192.168.10.1/Aug 20 00:46:56 xen-ad0010 apache2: nss_ldap: reconnected to LDAP serverldap://192.168.10.1/Aug 20 00:46:56 xen-ad0010 apache2: nss_ldap: reconnected to LDAP serverldap://192.168.10.1/Aug 20 00:46:57 xen-ad0010 apache2: nss_ldap: reconnected to LDAP serverldap://192.168.10.1/Aug 20 00:46:57 xen-ad0010 apache2: nss_ldap: reconnected to LDAP serverldap://192.168.10.1/Aug 20 00:46:58 xen-ad0010 apache2: nss_ldap: reconnected to LDAP serverldap://192.168.10.1/Aug 20 00:46:58 xen-ad0010 apache2: nss_ldap: reconnected to LDAP serverldap://192.168.10.1/Aug 20 00:47:11 xen-ad0010 apache2: nss_ldap: reconnected to LDAP serverldap://192.168.10.1/


In LDAP server I see these attemps in the next form:

Aug 20 15:15:59 xen-ldap03 slapd[5332]: conn=2225 op=2 SRCHbase="dc=cdmon,dc=com" scope=2 deref=0filter="(&(objectClass=posixAccount)(uid=www-data))"Aug 20 15:15:59 xen-ldap03 slapd[5332]: conn=2225 op=3 SRCHbase="dc=cdmon,dc=com" scope=2 deref=0filter="(&(objectClass=posixGroup)(memberUid=www-data))"Aug 20 15:15:59 xen-ldap03 slapd[5332]: conn=2226 op=2 SRCHbase="dc=cdmon,dc=com" scope=2 deref=0filter="(&(objectClass=posixAccount)(uid=www-data))"Aug 20 15:15:59 xen-ldap03 slapd[5332]: conn=2226 op=3 SRCHbase="dc=cdmon,dc=com" scope=2 deref=0filter="(&(objectClass=posixGroup)(memberUid=www-data))"Aug 20 15:16:01 xen-ldap03 slapd[5332]: conn=2227 op=2 SRCHbase="dc=cdmon,dc=com" scope=2 deref=0filter="(&(objectClass=posixAccount)(uid=www-data))"Aug 20 15:16:01 xen-ldap03 slapd[5332]: conn=2227 op=3 SRCHbase="dc=cdmon,dc=com" scope=2 deref=0filter="(&(objectClass=posixGroup)(memberUid=www-data))"Aug 20 15:16:01 xen-ldap03 slapd[5332]: conn=2228 op=2 SRCHbase="dc=cdmon,dc=com" scope=2 deref=0filter="(&(objectClass=posixAccount)(uid=www-data))"Aug 20 15:16:01 xen-ldap03 slapd[5332]: conn=2228 op=3 SRCHbase="dc=cdmon,dc=com" scope=2 deref=0filter="(&(objectClass=posixGroup)(memberUid=www-data))"Aug 20 15:16:01 xen-ldap03 slapd[5332]: conn=2229 op=2 SRCHbase="dc=cdmon,dc=com" scope=2 deref=0filter="(&(objectClass=posixAccount)(uid=www-data))"Aug 20 15:16:01 xen-ldap03 slapd[5332]: conn=2230 op=2 SRCHbase="dc=cdmon,dc=com" scope=2 deref=0filter="(&(objectClass=posixAccount)(uid=www-data))"Aug 20 15:16:01 xen-ldap03 slapd[5332]: conn=2229 op=3 SRCHbase="dc=cdmon,dc=com" scope=2 deref=0filter="(&(objectClass=posixGroup)(memberUid=www-data))"Aug 20 15:16:01 xen-ldap03 slapd[5332]: conn=2230 op=3 SRCHbase="dc=cdmon,dc=com" scope=2 deref=0filter="(&(objectClass=posixGroup)(memberUid=www-data))"Aug 20 15:16:03 xen-ldap03 slapd[5332]: conn=2231 op=2 SRCHbase="dc=cdmon,dc=com" scope=2 deref=0filter="(&(objectClass=posixAccount)(uid=www-data))"Aug 20 15:16:03 xen-ldap03 slapd[5332]: conn=2231 op=3 SRCHbase="dc=cdmon,dc=com" scope=2 deref=0filter="(&(objectClass=posixGroup)(memberUid=www-data))"Aug 20 15:16:32 xen-ldap03 slapd[5332]: conn=2232 op=2 SRCHbase="dc=cdmon,dc=com" scope=2 deref=0filter="(&(objectClass=posixAccount)(uid=www-data))"Aug 20 15:16:32 xen-ldap03 slapd[5332]: conn=2232 op=3 SRCHbase="dc=cdmon,dc=com" scope=2 deref=0filter="(&(objectClass=posixGroup)(memberUid=www-data))"Aug 20 15:16:34 xen-ldap03 slapd[5332]: conn=2233 op=2 SRCHbase="dc=cdmon,dc=com" scope=2 deref=0filter="(&(objectClass=posixAccount)(uid=www-data))"Aug 20 15:16:34 xen-ldap03 slapd[5332]: conn=2233 op=3 SRCHbase="dc=cdmon,dc=com" scope=2 deref=0filter="(&(objectClass=posixGroup)(memberUid=www-data))"

¿Why the apache2 tires to connect to LDAP server (192.168.10.1) usingits user www-data, which indeed doesn't exist as LDAP user?

Obviosly, the server is using LDAP as _ACCOUNTING SERVER_ (which worksnice with sshd service, for example).... but ¿apache2, top?

I'm really confused.


--
Thanks,
Jordi Espasa Clofent

Reply to:

Follow-Ups:
- Re: top, www-data and other using LDAP?
  - From: Jordi Espasa Clofent <jespasac@minibofh.org>

Prev by Date: Re: Cannot Login
Next by Date: Re: Cannot Login
Previous by thread: Re: usb floppy, image files
Next by thread: Re: top, www-data and other using LDAP?
Index(es):
- Date
- Thread