[Samba] logging of ldap queries
Denis Cardon
dcardon at tranquil.it
Mon Nov 18 21:36:44 UTC 2019
Hi everyone,
I am looking at a way to easily trace ldap queries to easily single out computers that have buggy software that download the whole AD (like a getent passwd with winbind enum users = yes for example). Increasing the debug level to 5 gives me the result I am looking for, however it is very very talkative and it fills up the log partition way too fast. I wanted to try to single out one debug class using "debug class = yes" in smb.conf, however the it does not gives any :
[2019/11/18 22:02:54.687235, 5] ../../source4/ldap_server/ldap_backend.c:783(ldapsrv_SearchRequest)
ldb_request SUB dn=cn=users,dc=testing,dc=lan filter=(|(objectClass=*)(distinguishedName=*))
When looking at other items in the log, I do have a debug class
[2019/11/18 22:02:54.682490, 3, class=ldb] ../../lib/ldb-samba/ldb_wrap.c:332(ldb_wrap_connect)
ldb_wrap open of privilege.ldb
Is it that debug class is not implemented for thoses queries? Is there a way to audit the ldap queries without filling up the log partition?
Cheers,
Denis
More information about the samba
mailing list