[Samba] High cpu load on LDAP

Douglas Bagnall douglas.bagnall at catalyst.net.nz
Wed Jan 22 02:38:32 UTC 2025


Looking back at this message, in the log sample, it actually doesn't 
look like the clients are making membership queries; they are just 
asking for all users and groups, repeatedly:

>> Here are more logs (at a very quiet time) :

>>    ldapsrv_SearchRequest: LDAP Query: Duration was 1.74s, SearchRequest
>> by S-1-5-21-xxxxxxxxxxxxx-xxxxxxxxxxxxxx-xxxxxxxxxxxxxxx-3084 from
>> ipv4:192.168.48.87:33768 filter:
>> [(|(objectClass=user)(objectClass=group))] basedn: [dc=GVCC,dc=NET]
>> scope: [SUB] result: Success
>>    ldapsrv_SearchRequest: LDAP Query: Duration was 1.79s, SearchRequest
>> by S-1-5-21-xxxxxxxxxxxxx-xxxxxxxxxxxxxx-xxxxxxxxxxxxxxx-3084 from
>> ipv4:192.168.48.87:33768 filter:
>> [(|(objectClass=user)(objectClass=group))] basedn: [dc=GVCC,dc=NET]
>> scope: [SUB] result: Success

>>    ldapsrv_SearchRequest: LDAP Query: Duration was 1.80s, SearchRequest
>> by S-1-5-21-xxxxxxxxxxxxx-xxxxxxxxxxxxxx-xxxxxxxxxxxxxxx-3048 from
>> ipv4:192.168.19.22:54708 filter:
>> [(|(objectClass=user)(objectClass=group))] basedn: [dc=GVCC,dc=NET]
>> scope: [SUB] result: Success
>>    ldapsrv_SearchRequest: LDAP Query: Duration was 1.74s, SearchRequest
>> by S-1-5-21-xxxxxxxxxxxxx-xxxxxxxxxxxxxx-xxxxxxxxxxxxxxx-3048 from
>> ipv4:192.168.19.22:54708 filter:
>> [(|(objectClass=user)(objectClass=group))] basedn: [dc=GVCC,dc=NET]
>> scope: [SUB] result: Success

>>    ldapsrv_SearchRequest: LDAP Query: Duration was 1.93s, SearchRequest
>> by S-1-5-21-xxxxxxxxxxxxx-xxxxxxxxxxxxxx-xxxxxxxxxxxxxxx-3085 from
>> ipv4:192.168.44.65:59148 filter:
>> [(|(objectClass=user)(objectClass=group))] basedn: [dc=GVCC,dc=NET]
>> scope: [SUB] result: Success
>>    ldapsrv_SearchRequest: LDAP Query: Duration was 1.88s, SearchRequest
>> by S-1-5-21-xxxxxxxxxxxxx-xxxxxxxxxxxxxx-xxxxxxxxxxxxxxx-3085 from
>> ipv4:192.168.44.65:59148 filter:
>> [(|(objectClass=user)(objectClass=group))] basedn: [dc=GVCC,dc=NET]
>> scope: [SUB] result: Success
>>    ldapsrv_SearchRequest: LDAP Query: Duration was 1.83s, SearchRequest
>> by S-1-5-21-xxxxxxxxxxxxx-xxxxxxxxxxxxxx-xxxxxxxxxxxxxxx-3085 from
>> ipv4:192.168.44.65:59148 filter:
>> [(|(objectClass=user)(objectClass=group))] basedn: [dc=GVCC,dc=NET]
>> scope: [SUB] result: Success

It's 192.168.48.87, 192.168.19.22, and 192.168.44.65 asking the same
"show me everyone" question two or three times each. Do you know why?

Is this the same pattern at busy times?

Douglas




More information about the samba mailing list