[Samba] Strange LDAP query

Julio Gómez Belmonte julio at openinside.es
Thu Oct 8 06:21:53 MDT 2009


We have a large installation consisting of many Citrix servers using 2 Samba servers as domain controllers, using 2 LDAP 389 Directory Servers as the user database. Also, there are workstations using the Samba servers. These LDAP servers have around 30000 user accounts, and we have detected that the Samba servers make this LDAP search:

[07/Oct/2009:13:54:06 +0200] conn=46 op=13 SRCH base="dc=domain,dc=my" scope=2 filter="(&(uid=*)(objectClass=sambaSamAccount))" attrs="uid sambaSID displayName description sambaAcctFlags"

So Samba is trying to retrieve the 30000 user accounts, making the LDAP servers freeze. We don't know what is happening to make this big query. I think that this query results from running the "net user" command from a Windows or Linux machine, but I cannot find which machine is executing that command. Is there any way to obtain which host is running this command, or which host is responsible for making Samba make that LDAP query?

If not, is there any way to make Samba apply an additional filter when obtaining accounts? I would like to make the query like (&(uid=*)(objectClass=sambaSamAccount)(&(objectClass=myOwnClass)(ou:dn:=People))).
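
Added example, not part of the original post: a sketch that correlates the quoted SRCH line with the connection and RESULT lines of the same `conn=` in a 389 Directory Server access log. It reports the LDAP client of each `(uid=*)` search (here that is the Samba server that opened the connection, not the machine behind it), giving a server and timestamp to match against Samba's own logs. All addresses and every log line except the SRCH for conn=46 are constructed.

```python
import re

# Constructed sample in 389 Directory Server access-log format; only the SRCH
# line for conn=46 comes from the post, the rest is made up for the example.
SAMPLE_LOG = """\
[07/Oct/2009:13:53:58 +0200] conn=46 fd=70 slot=70 connection from 192.0.2.11 to 192.0.2.1
[07/Oct/2009:13:54:01 +0200] conn=47 fd=71 slot=71 connection from 192.0.2.12 to 192.0.2.1
[07/Oct/2009:13:54:02 +0200] conn=47 op=3 SRCH base="dc=domain,dc=my" scope=2 filter="(&(uid=jdoe)(objectClass=sambaSamAccount))" attrs="uid sambaSID"
[07/Oct/2009:13:54:02 +0200] conn=47 op=3 RESULT err=0 tag=101 nentries=1 etime=0
[07/Oct/2009:13:54:06 +0200] conn=46 op=13 SRCH base="dc=domain,dc=my" scope=2 filter="(&(uid=*)(objectClass=sambaSamAccount))" attrs="uid sambaSID displayName description sambaAcctFlags"
[07/Oct/2009:13:54:31 +0200] conn=46 op=13 RESULT err=0 tag=101 nentries=30000 etime=25
"""

LINE = re.compile(r'^\[(?P<ts>[^\]]+)\] conn=(?P<conn>\d+) (?P<rest>.*)$')
CONNECT = re.compile(r'connection from (?P<client>\S+) to ')
SEARCH = re.compile(r'^op=(?P<op>\d+) SRCH .*filter="(?P<filter>[^"]*)"')
RESULT = re.compile(r'^op=(?P<op>\d+) RESULT .*nentries=(?P<n>\d+) etime=(?P<etime>[\d.]+)')

def find_enumerations(log_text, needle="(uid=*)"):
    """Return one record per search whose filter contains `needle`."""
    clients, pending, hits = {}, {}, []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        conn, rest = m["conn"], m["rest"]
        if (c := CONNECT.search(rest)):
            clients[conn] = c["client"]          # LDAP client of this connection
        elif (s := SEARCH.match(rest)) and needle in s["filter"]:
            pending[(conn, s["op"])] = {"time": m["ts"], "conn": conn,
                                        "client": clients.get(conn, "unknown"),
                                        "filter": s["filter"]}
        elif (r := RESULT.match(rest)) and (conn, r["op"]) in pending:
            rec = pending.pop((conn, r["op"]))
            rec.update(nentries=int(r["n"]), etime=float(r["etime"]))
            hits.append(rec)
    return hits + list(pending.values())         # keep searches with no RESULT yet

if __name__ == "__main__":
    for hit in find_enumerations(SAMPLE_LOG):
        print(hit)
```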

