Too many LDAP queries

Sherzod

Good afternoon,
We see that TrueNAS 13.0.U3.1 is making too many LDAP queries. It makes at least 5 million queries in one week.
The strangest thing is that it even searches for local users and local groups in LDAP too.
Here are some fragments of the logs:

Code:
    May 15, 2023 @ 17:02:46.953 +00:00    646265b6.38cd1dda 0x7f83ce74ab38 conn=112166 op=2 SRCH attr=objectClass cn ipServicePort ipServiceProtocol modifyTimestamp     -
    May 15, 2023 @ 17:02:46.953 +00:00    646265b6.38d08aa7 0x7f83ce74ab38 conn=112166 op=2 SEARCH RESULT tag=101 err=0 qtime=0.000026 etime=0.000367 nentries=0 text=     -
    May 15, 2023 @ 17:02:46.953 +00:00    646265b6.38cc4112 0x7f83ce74ab38 conn=112166 op=2 SRCH base="dc=xxx,dc=com" scope=2 deref=0 filter="(&(cn=https)(objectClass=ipService))"
    Mar 18, 2023 @ 13:59:46.662 +00:00    6415c3d2.27731c00 0x7fabe5d99b38 conn=1000 op=173595 SRCH base="dc=xxx,dc=com" scope=2 deref=0 filter="(&(objectClass=posixGroup)(cn=1004))"     -
    Mar 18, 2023 @ 13:59:46.662 +00:00    6415c3d2.27769235 0x7fabe5d99b38 conn=1000 op=173595 SEARCH RESULT tag=101 err=0 qtime=0.000022 etime=0.000268 nentries=0 text=     -
    Mar 18, 2023 @ 13:59:46.661 +00:00    6415c3d2.2769bf98 0x7fabe3f93b38 conn=1000 op=173594 SEARCH RESULT tag=101 err=0 qtime=0.000024 etime=0.000239 nentries=0 text=     -
    Mar 18, 2023 @ 13:59:46.661 +00:00    6415c3d2.27675a56 0x7fabe3f93b38 conn=1000 op=173594 SRCH attr=uidNumber cn gecos uid objectClass homeDirectory gidNumber     -
    Mar 18, 2023 @ 13:59:46.661 +00:00    6415c3d2.2766c66f 0x7fabe3f93b38 conn=1000 op=173594 SRCH base="dc=xxx,dc=com" scope=2 deref=0 filter="(&(objectClass=posixAccount)(uid=1004))"     -
    Mar 18, 2023 @ 13:59:46.660 +00:00    6415c3d2.275971c9 0x7fabe0387b38 conn=1000 op=173593 SRCH attr=uidNumber cn gecos uid objectClass homeDirectory gidNumber     -
    Mar 18, 2023 @ 13:59:46.660 +00:00    6415c3d2.27585dec 0x7fabe0387b38 conn=1000 op=173593 SRCH base="dc=xxx,dc=com" scope=2 deref=0 filter="(&(objectClass=posixAccount)(uid=1004))"     -
    Mar 18, 2023 @ 13:59:46.660 +00:00    6415c3d2.275d1ea5 0x7fabe0387b38 conn=1000 op=173593 SEARCH RESULT tag=101 err=0 qtime=0.000034 etime=0.000374 nentries=0 text=     -
    Mar 18, 2023 @ 13:59:46.658 +00:00    6415c3d2.2739204f 0x7fabe218db38 conn=1000 op=173592 SRCH base="dc=xxx,dc=com" scope=2 deref=0 filter="(&(objectClass=posixAccount)(uid=1004))"     -
    Mar 18, 2023 @ 13:59:46.658 +00:00    6415c3d2.273ac522 0x7fabe218db38 conn=1000 op=173592 SRCH attr=uidNumber cn gecos uid objectClass homeDirectory gidNumber     -
    Mar 18, 2023 @ 13:59:46.658 +00:00    6415c3d2.273ff485 0x7fabe218db38 conn=1000 op=173592 SEARCH RESULT tag=101 err=0 qtime=0.000044 etime=0.000636 nentries=0 text=     -
    Mar 18, 2023 @ 13:59:46.264 +00:00    6415c3d2.0fbf181e 0x7fabe7bffb38 conn=1000 op=173591 SRCH base="dc=xxx,dc=com" scope=2 deref=0 filter="(&(objectClass=posixGroup)(cn=1004))"     -
    Mar 18, 2023 @ 13:59:46.264 +00:00    6415c3d2.0fc0093d 0x7fabe7bffb38 conn=1000 op=173591 SRCH attr=member cn memberUid gidNumber
    Apr 22, 2023 @ 13:57:00.935 +00:00    6443e7ac.37b650e0 0x7fabef9dab38 conn=1000 op=1341901 SRCH base="dc=xxx,dc=com" scope=2 deref=0 filter="(&(objectClass=posixAccount)(uid=r))"     -
    Apr 22, 2023 @ 13:57:00.935 +00:00    6443e7ac.37b76466 0x7fabef9dab38 conn=1000 op=1341901 SRCH attr=uidNumber cn gecos uid objectClass homeDirectory gidNumber     -
    Apr 22, 2023 @ 13:57:00.935 +00:00    6443e7ac.37bd76f1 0x7fabef9dab38 conn=1000 op=1341901 SEARCH RESULT tag=101 err=0 qtime=0.000041 etime=0.000558 nentries=0 text=     -
    Apr 22, 2023 @ 13:56:12.160 +00:00    6443e77c.0985a839 0x7fabe218db38 conn=1000 op=1341900 SEARCH RESULT tag=101 err=0 qtime=0.000034 etime=0.000341 nentries=0 text=     -
    Apr 22, 2023 @ 13:56:12.159 +00:00    6443e77c.09822a83 0x7fabe218db38 conn=1000 op=1341900 SRCH attr=member cn memberUid gidNumber

If you pay attention to this log, TrueNAS is looking for a user with uid 1004, and this user is local and was created through the TrueNAS web interface.
We have LDAP integration configured:
[Attached screenshot: 1684226646353.png]

1. How can I reduce the number of queries?
2. Can we configure that local users are looked up first in the local db and are not queried from LDAP?
I would be glad to have any tips.
 
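To see which lookups account for the query volume, slapd lines like the ones quoted above can be grouped by filter shape and by whether the search returned any entries. This is an added example, not part of the original post; the sample lines are constructed in the same format as the log, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the format of the slapd lines quoted in the post
# (values are illustrative; op=11's result is logged before its SRCH line).
SAMPLE = '''\
Mar 18, 2023 @ 13:59:46.660 +00:00 0.1 0x1 conn=1000 op=11 SEARCH RESULT tag=101 err=0 qtime=0.000034 etime=0.000374 nentries=0 text=
Mar 18, 2023 @ 13:59:46.660 +00:00 0.2 0x1 conn=1000 op=11 SRCH base="dc=example,dc=com" scope=2 deref=0 filter="(&(objectClass=posixAccount)(uid=1004))"
Mar 18, 2023 @ 13:59:46.660 +00:00 0.3 0x1 conn=1000 op=11 SRCH attr=uidNumber cn gecos uid objectClass homeDirectory gidNumber
Mar 18, 2023 @ 13:59:46.661 +00:00 0.4 0x2 conn=1000 op=12 SRCH base="dc=example,dc=com" scope=2 deref=0 filter="(&(objectClass=posixAccount)(uid=1004))"
Mar 18, 2023 @ 13:59:46.661 +00:00 0.5 0x2 conn=1000 op=12 SEARCH RESULT tag=101 err=0 qtime=0.000024 etime=0.000239 nentries=0 text=
Mar 18, 2023 @ 13:59:46.662 +00:00 0.6 0x3 conn=1000 op=13 SRCH base="dc=example,dc=com" scope=2 deref=0 filter="(&(objectClass=posixGroup)(cn=1004))"
Mar 18, 2023 @ 13:59:46.662 +00:00 0.7 0x3 conn=1000 op=13 SEARCH RESULT tag=101 err=0 qtime=0.000022 etime=0.000268 nentries=0 text=
Mar 18, 2023 @ 13:59:47.100 +00:00 0.8 0x4 conn=1000 op=14 SRCH base="dc=example,dc=com" scope=2 deref=0 filter="(&(objectClass=posixAccount)(uid=alice))"
Mar 18, 2023 @ 13:59:47.100 +00:00 0.9 0x4 conn=1000 op=14 SEARCH RESULT tag=101 err=0 qtime=0.000030 etime=0.000300 nentries=1 text=
'''

SRCH = re.compile(r'conn=(\d+) op=(\d+) SRCH base="[^"]*".*? filter="([^"]*)"')
RESULT = re.compile(r'conn=(\d+) op=(\d+) SEARCH RESULT .*?nentries=(\d+)')
# Matches one (attr=value) term, except objectClass, so values can be masked.
TERM = re.compile(r'\((?!objectClass=)([A-Za-z][\w;-]*)=[^()]*\)')

def filter_shape(ldap_filter):
    """Mask assertion values so (uid=1004) and (uid=r) count as one shape."""
    return TERM.sub(r'(\1=*)', ldap_filter)

def summarize(lines):
    """Return (total per shape, empty-result per shape, empty-result per exact filter)."""
    filters, results = {}, {}
    for line in lines:  # collect first: SRCH and RESULT may appear in either order
        if m := SRCH.search(line):
            filters[(m[1], m[2])] = m[3]
        elif m := RESULT.search(line):
            results[(m[1], m[2])] = int(m[3])
    total, empty, misses = Counter(), Counter(), Counter()
    for key, ldap_filter in filters.items():
        shape = filter_shape(ldap_filter)
        total[shape] += 1
        if results.get(key) == 0:  # search completed and matched nothing
            empty[shape] += 1
            misses[ldap_filter] += 1
    return total, empty, misses

if __name__ == "__main__":
    total, empty, misses = summarize(SAMPLE.splitlines())
    for shape, n in total.most_common():
        print(f"{n:6d} searches, {empty[shape]:6d} empty  {shape}")
    for ldap_filter, n in misses.most_common(5):
        print(f"{n:6d} repeated misses  {ldap_filter}")
```

Names that top the repeated-misses list with nentries=0 every time are the accounts that do not exist in the directory, such as the local uid 1004 in the post.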