[Samba] High cpu load on LDAP
Douglas Bagnall
douglas.bagnall at catalyst.net.nz
Wed Jan 22 02:38:32 UTC 2025
Looking back at this message, in the log sample, it actually doesn't
look like the clients are making membership queries; they are just
asking for all users and groups, repeatedly:
>> Here are more logs (at a very quiet time) :
>> ldapsrv_SearchRequest: LDAP Query: Duration was 1.74s, SearchRequest
>> by S-1-5-21-xxxxxxxxxxxxx-xxxxxxxxxxxxxx-xxxxxxxxxxxxxxx-3084 from
>> ipv4:192.168.48.87:33768 filter:
>> [(|(objectClass=user)(objectClass=group))] basedn: [dc=GVCC,dc=NET]
>> scope: [SUB] result: Success
>> ldapsrv_SearchRequest: LDAP Query: Duration was 1.79s, SearchRequest
>> by S-1-5-21-xxxxxxxxxxxxx-xxxxxxxxxxxxxx-xxxxxxxxxxxxxxx-3084 from
>> ipv4:192.168.48.87:33768 filter:
>> [(|(objectClass=user)(objectClass=group))] basedn: [dc=GVCC,dc=NET]
>> scope: [SUB] result: Success
>> ldapsrv_SearchRequest: LDAP Query: Duration was 1.80s, SearchRequest
>> by S-1-5-21-xxxxxxxxxxxxx-xxxxxxxxxxxxxx-xxxxxxxxxxxxxxx-3048 from
>> ipv4:192.168.19.22:54708 filter:
>> [(|(objectClass=user)(objectClass=group))] basedn: [dc=GVCC,dc=NET]
>> scope: [SUB] result: Success
>> ldapsrv_SearchRequest: LDAP Query: Duration was 1.74s, SearchRequest
>> by S-1-5-21-xxxxxxxxxxxxx-xxxxxxxxxxxxxx-xxxxxxxxxxxxxxx-3048 from
>> ipv4:192.168.19.22:54708 filter:
>> [(|(objectClass=user)(objectClass=group))] basedn: [dc=GVCC,dc=NET]
>> scope: [SUB] result: Success
>> ldapsrv_SearchRequest: LDAP Query: Duration was 1.93s, SearchRequest
>> by S-1-5-21-xxxxxxxxxxxxx-xxxxxxxxxxxxxx-xxxxxxxxxxxxxxx-3085 from
>> ipv4:192.168.44.65:59148 filter:
>> [(|(objectClass=user)(objectClass=group))] basedn: [dc=GVCC,dc=NET]
>> scope: [SUB] result: Success
>> ldapsrv_SearchRequest: LDAP Query: Duration was 1.88s, SearchRequest
>> by S-1-5-21-xxxxxxxxxxxxx-xxxxxxxxxxxxxx-xxxxxxxxxxxxxxx-3085 from
>> ipv4:192.168.44.65:59148 filter:
>> [(|(objectClass=user)(objectClass=group))] basedn: [dc=GVCC,dc=NET]
>> scope: [SUB] result: Success
>> ldapsrv_SearchRequest: LDAP Query: Duration was 1.83s, SearchRequest
>> by S-1-5-21-xxxxxxxxxxxxx-xxxxxxxxxxxxxx-xxxxxxxxxxxxxxx-3085 from
>> ipv4:192.168.44.65:59148 filter:
>> [(|(objectClass=user)(objectClass=group))] basedn: [dc=GVCC,dc=NET]
>> scope: [SUB] result: Success
It's 192.168.48.87, 192.168.19.22, and 192.168.44.65 asking the same
"show me everyone" question two or three times each. Do you know why?
Is this the same pattern at busy times?
Douglas
More information about the samba
mailing list