[Samba] Strange LDAP query

Juan Asensio Sánchez okelet at gmail.com
Wed Oct 7 06:34:17 MDT 2009


We have a large installation consisting of many Citrix servers using 2
Samba servers as domain controllers, using 2 LDAP 389 Directory
Servers as the user database. Also, there are workstations using the Samba
servers. These LDAP servers have around 30000 user accounts, and we
have detected that the Samba servers make this LDAP search:

[07/Oct/2009:13:54:06 +0200] conn=46 op=13 SRCH base="dc=domain,dc=my"
scope=2 filter="(&(uid=*)(objectClass=sambaSamAccount))" attrs="uid
sambaSID displayName description sambaAcctFlags"

So Samba is trying to retrieve the 30000 user accounts, making the
LDAP servers freeze. We don't know what is happening to make this big
query. I think that this query results from running the "net user"
command from a Windows or Linux machine, but I cannot find which
machine is executing that command. Is there any way to find out which
host is running this command, or which host is responsible for making
Samba make that LDAP query?

If not, is there any way to make Samba apply an additional filter when
obtaining accounts? I would like to make the query like
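
Added example, not part of the original post: a small parser for the 389 Directory Server access log that pairs each SRCH line with its RESULT line and with the connection-open line, so that searches returning many entries can be attributed to an LDAP client address. It identifies the LDAP client only (here, the Samba server), not the machine whose request made Samba search. Only the first SRCH line is from the post; the addresses, the other log lines and the `broad_searches` name are constructed for illustration.

```python
import re

# Constructed sample in 389 Directory Server access-log format. Only the first
# SRCH line comes from the post; addresses and all other lines are made up.
SAMPLE_LOG = """\
[07/Oct/2009:13:54:01 +0200] conn=46 fd=70 slot=70 connection from 192.0.2.10 to 192.0.2.1
[07/Oct/2009:13:54:02 +0200] conn=47 fd=71 slot=71 connection from 192.0.2.11 to 192.0.2.1
[07/Oct/2009:13:54:06 +0200] conn=46 op=13 SRCH base="dc=domain,dc=my" scope=2 filter="(&(uid=*)(objectClass=sambaSamAccount))" attrs="uid sambaSID displayName description sambaAcctFlags"
[07/Oct/2009:13:54:07 +0200] conn=47 op=3 SRCH base="dc=domain,dc=my" scope=2 filter="(&(uid=jdoe)(objectClass=sambaSamAccount))" attrs="uid sambaSID"
[07/Oct/2009:13:54:07 +0200] conn=47 op=3 RESULT err=0 tag=101 nentries=1 etime=0
[07/Oct/2009:13:54:31 +0200] conn=46 op=13 RESULT err=0 tag=101 nentries=30000 etime=25
"""

# Connection-open line: maps a conn number to the client address.
CONN = re.compile(r"conn=(\d+) fd=\d+ slot=\d+ (?:SSL )?connection from (\S+) to ")
# Search request: conn, op, base, scope, filter.
SRCH = re.compile(r'conn=(\d+) op=(\d+) SRCH base="([^"]*)" scope=(\d) filter="([^"]*)"')
# Search result: conn, op, entries returned, elapsed time in seconds.
RESULT = re.compile(r"conn=(\d+) op=(\d+) RESULT err=\d+ tag=\d+ nentries=(\d+) etime=([\d.]+)")


def broad_searches(log_text, min_entries=1000):
    """Return (client, conn, op, filter, nentries, etime) for each search
    whose RESULT line reports at least min_entries entries."""
    clients = {}   # conn -> client address
    pending = {}   # (conn, op) -> filter, waiting for its RESULT line
    hits = []
    for line in log_text.splitlines():
        if m := CONN.search(line):
            clients[m.group(1)] = m.group(2)
        elif m := SRCH.search(line):
            pending[(m.group(1), m.group(2))] = m.group(5)
        elif m := RESULT.search(line):
            conn, op = m.group(1), m.group(2)
            filt = pending.pop((conn, op), None)
            nentries = int(m.group(3))
            if filt is not None and nentries >= min_entries:
                # "unknown" when the connection was opened before this log began
                client = clients.get(conn, "unknown")
                hits.append((client, int(conn), int(op), filt, nentries, float(m.group(4))))
    return hits


if __name__ == "__main__":
    for hit in broad_searches(SAMPLE_LOG):
        print(hit)
```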

