Hello,

I have an SMTP server running Debian Wheezy (64-bit). A few weeks ago, I stopped nscd on it, because it was holding a connection open to our LDAP server and sending a ton of unnecessary queries to it.

Even though nscd is not running, I am once again seeing nscd-type queries on the LDAP server from this SMTP server, and a connection is open from the SMTP server. But I can't seem to figure out what process is using that connection. Every time I check using netstat or lsof, it just reports that the socket is owned by my current sshd process.

An example:

root@smtp:~# netstat -anp | grep 389
tcp 0 0 <smtp-ip>:58786 <ldap-ip>:389 ESTABLISHED 10249/0
root@smtp:~# lsof -n -i :389
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sshd 10249 root 4w IPv4 86936230 0t0 TCP <smtp-ip>:58786-><ldap-ip>:ldap (ESTABLISHED)
root@smtp:~# ps -ef | grep 10249
root 10249 17111 0 15:49 ? 00:00:00 sshd: root@pts/0
root 10251 10249 0 15:50 pts/0 00:00:00 -bash
root 10286 10251 0 15:54 pts/0 00:00:00 grep 10249

So I log out and back in, and the PID for this socket changes to my new sshd process:

root@smtp:~# netstat -anp | grep 389
tcp 0 0 <smtp-ip>:58798 <ldap-ip>:389 ESTABLISHED 10288/0
root@smtp:~# lsof -n -i :389
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sshd 10288 root 4w IPv4 86936319 0t0 TCP <smtp-ip>:58798-><ldap-ip>:ldap (ESTABLISHED)
root@smtp:~# ps -ef | grep 10288
root 10288 17111 0 15:54 ? 00:00:00 sshd: root@pts/0
root 10290 10288 0 15:54 pts/0 00:00:00 -bash
root 10304 10290 0 15:55 pts/0 00:00:00 grep 10288

And all the while, LDAP queries continue to be sent over this connection. Does anyone have any idea why I can't seem to track down the real process which is holding this socket open?

Thanks!
Dave

--
Dave Parker '11
Database & Systems Administrator
Utica College
Integrated Information Technology Services
(315) 792-3229
Registered Linux User #408177