[Samba] logging of ldap queries

Denis Cardon dcardon at tranquil.it
Mon Nov 18 21:36:44 UTC 2019

Hi everyone,

I am looking at a way to easily trace ldap queries to easily single out computers that have buggy software that download the whole AD (like a getent passwd with winbind enum users = yes for example). Increasing the debug level to 5 gives me the result I am looking for, however it is very very talkative and it fills up the log partition way too fast. I wanted to try to single out one debug class using "debug class = yes" in smb.conf, however the it does not gives any :

[2019/11/18 22:02:54.687235,  5] ../../source4/ldap_server/ldap_backend.c:783(ldapsrv_SearchRequest)
  ldb_request SUB dn=cn=users,dc=testing,dc=lan filter=(|(objectClass=*)(distinguishedName=*))

When looking at other items in the log, I do have a debug class

[2019/11/18 22:02:54.682490,  3, class=ldb] ../../lib/ldb-samba/ldb_wrap.c:332(ldb_wrap_connect)
  ldb_wrap open of privilege.ldb

Is it that debug class is not implemented for thoses queries? Is there a way to audit the ldap queries without filling up the log partition?



More information about the samba mailing list