Pro-LDAP.ru project forum

General LDAP questions => Working with LDAP clients => Topic started by: marawu on 01 August 2017, 09:25:20

Title: nslcd constantly sends queries
Posted by: marawu on 01 August 2017, 09:25:20
Good afternoon. I have run into a problem where nslcd constantly iterates over the shadowAccount of every LDAP user. I did not see anything suspicious in debug mode, but other clients do not have this problem, with the exception of 3 servers. One iterates over all LDAP users, another constantly looks up the user zabbix even though it is listed in nss_initgroups_ignoreusers, and the third constantly looks up nouser. Below is the log from one of the servers; maybe someone can suggest what causes such strange behaviour (each username is a different user):



nslcd: DEBUG: NSS_LDAP nss-pam-ldapd 0.9.4
nslcd: DEBUG: ldap_set_option(LDAP_OPT_X_TLS_REQUIRE_CERT,allow)
nslcd: DEBUG: ldap_set_option(LDAP_OPT_X_TLS_CACERTFILE,"/etc/ldap/godaddyCA.crt")
nslcd: DEBUG: CFG: threads 5
nslcd: DEBUG: CFG: uid nslcd
nslcd: DEBUG: CFG: gid 122
nslcd: DEBUG: CFG: uri ldap://server.domain.com
nslcd: DEBUG: CFG: ldap_version 3
nslcd: DEBUG: CFG: binddn uid=ldap-proxy,ou=Special Users,dc=domain,dc=com
nslcd: DEBUG: CFG: bindpw ***
nslcd: DEBUG: CFG: rootpwmoddn cn=admin,dc=domain,dc=com
nslcd: DEBUG: CFG: base dc=domain,dc=com
nslcd: DEBUG: CFG: base group ou=servers,ou=groups,dc=domain,dc=com
nslcd: DEBUG: CFG: base passwd ou=people,dc=domain,dc=com
nslcd: DEBUG: CFG: base shadow ou=people,dc=domain,dc=com
nslcd: DEBUG: CFG: scope sub
nslcd: DEBUG: CFG: deref never
nslcd: DEBUG: CFG: referrals yes
nslcd: DEBUG: CFG: filter aliases (objectClass=nisMailAlias)
nslcd: DEBUG: CFG: filter ethers (objectClass=ieee802Device)
nslcd: DEBUG: CFG: filter group (objectClass=posixGroup)
nslcd: DEBUG: CFG: filter hosts (objectClass=ipHost)
nslcd: DEBUG: CFG: filter netgroup (objectClass=nisNetgroup)
nslcd: DEBUG: CFG: filter networks (objectClass=ipNetwork)
nslcd: DEBUG: CFG: filter passwd (&(uidNumber>=1100)(!(memberof=cn=Deleted.dept,ou=Groups,dc=domain,dc=com)))
nslcd: DEBUG: CFG: filter protocols (objectClass=ipProtocol)
nslcd: DEBUG: CFG: filter rpc (objectClass=oncRpc)
nslcd: DEBUG: CFG: filter services (objectClass=ipService)
nslcd: DEBUG: CFG: filter shadow (objectClass=shadowAccount)
nslcd: DEBUG: CFG: map group userPassword "*"
nslcd: DEBUG: CFG: map passwd userPassword "*"
nslcd: DEBUG: CFG: map passwd gecos "${gecos:-$cn}"
nslcd: DEBUG: CFG: map shadow userPassword "*"
nslcd: DEBUG: CFG: map shadow shadowLastChange "${shadowLastChange:--1}"
nslcd: DEBUG: CFG: map shadow shadowMin "${shadowMin:--1}"
nslcd: DEBUG: CFG: map shadow shadowMax "${shadowMax:--1}"
nslcd: DEBUG: CFG: map shadow shadowWarning "${shadowWarning:--1}"
nslcd: DEBUG: CFG: map shadow shadowInactive "${shadowInactive:--1}"
nslcd: DEBUG: CFG: map shadow shadowExpire "${shadowExpire:--1}"
nslcd: DEBUG: CFG: map shadow shadowFlag "${shadowFlag:-0}"
nslcd: DEBUG: CFG: bind_timelimit 5
nslcd: DEBUG: CFG: timelimit 10
nslcd: DEBUG: CFG: idle_timelimit 60
nslcd: DEBUG: CFG: reconnect_sleeptime 1
nslcd: DEBUG: CFG: reconnect_retrytime 10
nslcd: DEBUG: CFG: ssl start_tls
nslcd: DEBUG: CFG: tls_reqcert allow
nslcd: DEBUG: CFG: tls_cacertfile /etc/ldap/godaddyCA.crt
nslcd: DEBUG: CFG: pagesize 0
nslcd: DEBUG: CFG: nss_initgroups_ignoreusers bin,nginx,systemd-network,nslcd,statd,dovenull,proftpd,systemd-bus-proxy,shellinabox,daemon,bind,messagebus,backup,mysql,irc,systemd-timesync,man,news,Debian-exim,z...
nslcd: DEBUG: CFG: nss_min_uid 0
nslcd: DEBUG: CFG: nss_nested_groups no
nslcd: DEBUG: CFG: validnames /^[a-z0-9._@$()]([a-z0-9._@$() \~-]*[a-z0-9._@$()~-])?$/i
nslcd: DEBUG: CFG: ignorecase no
nslcd: DEBUG: CFG: cache dn2uid 15m 15m
nslcd: version 0.9.4 starting
nslcd: DEBUG: unlink() of /var/run/nslcd/socket failed (ignored): No such file or directory
nslcd: DEBUG: initgroups("nslcd",122) done
nslcd: DEBUG: setgid(122) done
nslcd: DEBUG: setuid(118) done
nslcd: accepting connections
nslcd: [8b4567] DEBUG: connection from pid=28329 uid=0 gid=0
nslcd: [8b4567] <passwd(all)> DEBUG: myldap_search(base="ou=people,dc=domain,dc=com", filter="(&(uidNumber>=1100)(!(memberof=cn=Deleted.dept,ou=Groups,dc=domain,dc=com)))")
nslcd: [8b4567] <passwd(all)> DEBUG: ldap_initialize(ldap://server.domain.com)
nslcd: [8b4567] <passwd(all)> DEBUG: ldap_set_rebind_proc()
nslcd: [8b4567] <passwd(all)> DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [8b4567] <passwd(all)> DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [8b4567] <passwd(all)> DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,10)
nslcd: [8b4567] <passwd(all)> DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,10)
nslcd: [8b4567] <passwd(all)> DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,10)
nslcd: [8b4567] <passwd(all)> DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [8b4567] <passwd(all)> DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [8b4567] <passwd(all)> DEBUG: ldap_start_tls_s()
nslcd: [8b4567] <passwd(all)> DEBUG: set_socket_timeout(10,500000)
nslcd: [8b4567] <passwd(all)> DEBUG: ldap_simple_bind_s("uid=ldap-proxy,ou=Special Users,dc=domain,dc=com","***") (uri="ldap://server.domain.com")
nslcd: [8b4567] <passwd(all)> DEBUG: ldap_result(): uid=username,ou=People,dc=domain,dc=com
nslcd: [8b4567] <passwd(all)> (re)loading /etc/nsswitch.conf
nslcd: [8b4567] <passwd(all)> DEBUG: ldap_result(): uid=username,ou=People,dc=domain,dc=com
nslcd: [8b4567] <passwd(all)> DEBUG: ldap_result(): uid=username,ou=People,dc=domain,dc=com
nslcd: [8b4567] <passwd(all)> DEBUG: ldap_result(): uid=username,ou=People,dc=domain,dc=com
nslcd: [8b4567] <passwd(all)> DEBUG: ldap_result(): uid=username,ou=People,dc=domain,dc=com
nslcd: [8b4567] <passwd(all)> DEBUG: ldap_result(): uid=username,ou=People,dc=domain,dc=com
nslcd: [8b4567] <passwd(all)> DEBUG: ldap_result(): uid=username,ou=People,dc=domain,dc=com
nslcd: [8b4567] <passwd(all)> DEBUG: ldap_result(): uid=username,ou=People,dc=domain,dc=com
nslcd: [8b4567] <passwd(all)> DEBUG: ldap_result(): uid=username,ou=People,dc=domain,dc=com
nslcd: [8b4567] <passwd(all)> DEBUG: ldap_result(): uid=username,ou=People,dc=domain,dc=com
nslcd: [7b23c6] DEBUG: connection from pid=28329 uid=0 gid=0
nslcd: [7b23c6] <shadow="nameuser"> DEBUG: myldap_search(base="ou=people,dc=domain,dc=com", filter="(&(objectClass=shadowAccount)(uid=username))")
nslcd: [7b23c6] <shadow="nameuser"> DEBUG: ldap_initialize(ldap://server.domain.com)
nslcd: [7b23c6] <shadow="nameuser"> DEBUG: ldap_set_rebind_proc()
nslcd: [7b23c6] <shadow="nameuser"> DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [7b23c6] <shadow="nameuser"> DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [7b23c6] <shadow="nameuser"> DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,10)
nslcd: [7b23c6] <shadow="nameuser"> DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,10)
nslcd: [7b23c6] <shadow="nameuser"> DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,10)
nslcd: [7b23c6] <shadow="nameuser"> DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [7b23c6] <shadow="nameuser"> DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [7b23c6] <shadow="nameuser"> DEBUG: ldap_start_tls_s()
nslcd: [7b23c6] <shadow="nameuser"> DEBUG: set_socket_timeout(10,500000)
nslcd: [7b23c6] <shadow="nameuser"> DEBUG: ldap_simple_bind_s("uid=ldap-proxy,ou=Special Users,dc=domain,dc=com","***") (uri="ldap://server.domain.com")
nslcd: [8b4567] <passwd(all)> DEBUG: ldap_result(): ... 352 more results
nslcd: [8b4567] <passwd(all)> DEBUG: ldap_result(): end of results (362 total)
nslcd: [7b23c6] <shadow="nameuser"> DEBUG: ldap_result(): uid=username,ou=People,dc=domain,dc=com
nslcd: [7b23c6] <shadow="nameuser"> DEBUG: ldap_result(): end of results (1 total)
nslcd: [3c9869] DEBUG: connection from pid=28329 uid=0 gid=0
nslcd: [3c9869] <shadow="nameuser"> DEBUG: myldap_search(base="ou=people,dc=domain,dc=com", filter="(&(objectClass=shadowAccount)(uid=username))")
nslcd: [3c9869] <shadow="nameuser"> DEBUG: ldap_initialize(ldap://server.domain.com)
nslcd: [3c9869] <shadow="nameuser"> DEBUG: ldap_set_rebind_proc()
nslcd: [3c9869] <shadow="nameuser"> DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [3c9869] <shadow="nameuser"> DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [3c9869] <shadow="nameuser"> DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,10)
nslcd: [3c9869] <shadow="nameuser"> DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,10)
nslcd: [3c9869] <shadow="nameuser"> DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,10)
nslcd: [3c9869] <shadow="nameuser"> DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [3c9869] <shadow="nameuser"> DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [3c9869] <shadow="nameuser"> DEBUG: ldap_start_tls_s()
nslcd: [3c9869] <shadow="nameuser"> DEBUG: set_socket_timeout(10,500000)
nslcd: [3c9869] <shadow="nameuser"> DEBUG: ldap_simple_bind_s("uid=ldap-proxy,ou=Special Users,dc=domain,dc=com","***") (uri="ldap://server.domain.com")
nslcd: [3c9869] <shadow="nameuser"> DEBUG: ldap_result(): uid=username,ou=People,dc=domain,dc=com
nslcd: [3c9869] <shadow="nameuser"> DEBUG: ldap_result(): end of results (1 total)
nslcd: [334873] DEBUG: connection from pid=28329 uid=0 gid=0
nslcd: [334873] <shadow="nameuser"> DEBUG: myldap_search(base="ou=people,dc=domain,dc=com", filter="(&(objectClass=shadowAccount)(uid=username))")
nslcd: [334873] <shadow="nameuser"> DEBUG: ldap_initialize(ldap://server.domain.com)
nslcd: [334873] <shadow="nameuser"> DEBUG: ldap_set_rebind_proc()
nslcd: [334873] <shadow="nameuser"> DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [334873] <shadow="nameuser"> DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [334873] <shadow="nameuser"> DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,10)
nslcd: [334873] <shadow="nameuser"> DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,10)
nslcd: [334873] <shadow="nameuser"> DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,10)
nslcd: [334873] <shadow="nameuser"> DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [334873] <shadow="nameuser"> DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [334873] <shadow="nameuser"> DEBUG: ldap_start_tls_s()
nslcd: [334873] <shadow="nameuser"> DEBUG: set_socket_timeout(10,500000)
nslcd: [334873] <shadow="nameuser"> DEBUG: ldap_simple_bind_s("uid=ldap-proxy,ou=Special Users,dc=domain,dc=com","***") (uri="ldap://server.domain.com")
nslcd: [334873] <shadow="nameuser"> DEBUG: ldap_result(): uid=username,ou=People,dc=domain,dc=com
nslcd: [334873] <shadow="nameuser"> DEBUG: ldap_result(): end of results (1 total)
nslcd: [b0dc51] DEBUG: connection from pid=28329 uid=0 gid=0
nslcd: [b0dc51] <shadow="nameuser"> DEBUG: myldap_search(base="ou=people,dc=domain,dc=com", filter="(&(objectClass=shadowAccount)(uid=username))")
nslcd: [b0dc51] <shadow="nameuser"> DEBUG: ldap_result(): uid=username,ou=People,dc=domain,dc=com
nslcd: [b0dc51] <shadow="nameuser"> DEBUG: ldap_result(): end of results (1 total)
nslcd: [495cff] DEBUG: connection from pid=28329 uid=0 gid=0
nslcd: [495cff] <shadow="nameuser"> DEBUG: myldap_search(base="ou=people,dc=domain,dc=com", filter="(&(objectClass=shadowAccount)(uid=username))")
nslcd: [495cff] <shadow="nameuser"> DEBUG: ldap_result(): uid=username,ou=People,dc=domain,dc=com
nslcd: [495cff] <shadow="nameuser"> DEBUG: ldap_result(): end of results (1 total)
nslcd: [e8944a] DEBUG: connection from pid=28329 uid=0 gid=0
nslcd: [e8944a] <shadow="nameuser"> DEBUG: myldap_search(base="ou=people,dc=domain,dc=com", filter="(&(objectClass=shadowAccount)(uid=username))")
nslcd: [e8944a] <shadow="nameuser"> DEBUG: ldap_result(): uid=username,ou=People,dc=domain,dc=com
nslcd: [e8944a] <shadow="nameuser"> DEBUG: ldap_result(): end of results (1 total)
nslcd: [5558ec] DEBUG: connection from pid=28329 uid=0 gid=0
nslcd: [5558ec] <shadow="nameuser"> DEBUG: myldap_search(base="ou=people,dc=domain,dc=com", filter="(&(objectClass=shadowAccount)(uid=username))")
nslcd: [5558ec] <shadow="nameuser"> DEBUG: ldap_result(): uid=username,ou=People,dc=domain,dc=com
nslcd: [5558ec] <shadow="nameuser"> DEBUG: ldap_result(): end of results (1 total)
nslcd: [8e1f29] DEBUG: connection from pid=28329 uid=0 gid=0
nslcd: [8e1f29] <shadow="nameuser"> DEBUG: myldap_search(base="ou=people,dc=domain,dc=com", filter="(&(objectClass=shadowAccount)(uid=username))")
nslcd: [8e1f29] <shadow="nameuser"> DEBUG: ldap_result(): uid=username,ou=People,dc=domain,dc=com
nslcd: [8e1f29] <shadow="nameuser"> DEBUG: ldap_result(): end of results (1 total)
nslcd: [e87ccd] DEBUG: connection from pid=28329 uid=0 gid=0
nslcd: [e87ccd] <shadow="nameuser"> DEBUG: myldap_search(base="ou=people,dc=domain,dc=com", filter="(&(objectClass=shadowAccount)(uid=username))")
nslcd: [e87ccd] <shadow="nameuser"> DEBUG: ldap_result(): uid=username,ou=People,dc=domain,dc=com
nslcd: [e87ccd] <shadow="nameuser"> DEBUG: ldap_result(): end of results (1 total)
nslcd: [1b58ba] DEBUG: connection from pid=28329 uid=0 gid=0
nslcd: [1b58ba] <shadow="nameuser"> DEBUG: myldap_search(base="ou=people,dc=domain,dc=com", filter="(&(objectClass=shadowAccount)(uid=username))")
nslcd: [1b58ba] <shadow="nameuser"> DEBUG: ldap_result(): uid=username,ou=People,dc=domain,dc=com
nslcd: [1b58ba] <shadow="nameuser"> DEBUG: ldap_result(): end of results (1 total)
nslcd: [7ed7ab] DEBUG: connection from pid=28329 uid=0 gid=0
nslcd: [7ed7ab] <shadow="nameuser"> DEBUG: myldap_search(base="ou=people,dc=domain,dc=com", filter="(&(objectClass=shadowAccount)(uid=username))")
nslcd: [7ed7ab] <shadow="nameuser"> DEBUG: ldap_result(): uid=username,ou=People,dc=domain,dc=com
nslcd: [7ed7ab] <shadow="nameuser"> DEBUG: ldap_result(): end of results (1 total)
nslcd: [b141f2] DEBUG: connection from pid=28329 uid=0 gid=0
nslcd: [b141f2] <shadow="nameuser"> DEBUG: myldap_search(base="ou=people,dc=domain,dc=com", filter="(&(objectClass=shadowAccount)(uid=username))")
nslcd: [b141f2] <shadow="nameuser"> DEBUG: ldap_result(): uid=username,ou=People,dc=domain,dc=com
nslcd: [b141f2] <shadow="nameuser"> DEBUG: ldap_result(): end of results (1 total)
nslcd: [b71efb] DEBUG: connection from pid=28329 uid=0 gid=0
nslcd: [b71efb] <shadow="nameuser"> DEBUG: myldap_search(base="ou=people,dc=domain,dc=com", filter="(&(objectClass=shadowAccount)(uid=username))")
nslcd: [b71efb] <shadow="nameuser"> DEBUG: ldap_result(): uid=username,ou=People,dc=domain,dc=com
nslcd: [b71efb] <shadow="nameuser"> DEBUG: ldap_result(): end of results (1 total)
nslcd: [e2a9e3] DEBUG: connection from pid=28329 uid=0 gid=0
nslcd: [e2a9e3] <shadow="nameuser"> DEBUG: myldap_search(base="ou=people,dc=domain,dc=com", filter="(&(objectClass=shadowAccount)(uid=username))")
nslcd: [e2a9e3] <shadow="nameuser"> DEBUG: ldap_result(): uid=username,ou=People,dc=domain,dc=com
nslcd: [e2a9e3] <shadow="nameuser"> DEBUG: ldap_result(): end of results (1 total)
nslcd: [45e146] DEBUG: connection from pid=28329 uid=0 gid=0
nslcd: [45e146] <shadow="nameuser"> DEBUG: myldap_search(base="ou=people,dc=domain,dc=com", filter="(&(objectClass=shadowAccount)(uid=username))")
nslcd: [45e146] <shadow="nameuser"> DEBUG: ldap_result(): uid=username,ou=People,dc=domain,dc=com
nslcd: [45e146] <shadow="nameuser"> DEBUG: ldap_result(): end of results (1 total)
nslcd: [5f007c] DEBUG: connection from pid=28329 uid=0 gid=0
nslcd: [5f007c] <shadow="nameuser"> DEBUG: myldap_search(base="ou=people,dc=domain,dc=com", filter="(&(objectClass=shadowAccount)(uid=username))")
nslcd: [5f007c] <shadow="nameuser"> DEBUG: ldap_result(): uid=username,ou=People,dc=domain,dc=com
nslcd: [5f007c] <shadow="nameuser"> DEBUG: ldap_result(): end of results (1 total)
nslcd: [d062c2] DEBUG: connection from pid=28329 uid=0 gid=0
nslcd: [d062c2] <shadow="nameuser"> DEBUG: myldap_search(base="ou=people,dc=domain,dc=com", filter="(&(objectClass=shadowAccount)(uid=username))")
nslcd: [d062c2] <shadow="nameuser"> DEBUG: ldap_result(): uid=username,ou=People,dc=domain,dc=com
nslcd: [d062c2] <shadow="nameuser"> DEBUG: ldap_result(): end of results (1 total)
nslcd: [200854] DEBUG: connection from pid=28329 uid=0 gid=0
nslcd: [200854] <shadow="nameuser"> DEBUG: myldap_search(base="ou=people,dc=domain,dc=com", filter="(&(objectClass=shadowAccount)(uid=username))")
nslcd: [200854] <shadow="nameuser"> DEBUG: ldap_result(): uid=username,ou=People,dc=domain,dc=com
nslcd: [200854] <shadow="nameuser"> DEBUG: ldap_result(): end of results (1 total)
nslcd: [b127f8] DEBUG: connection from pid=28329 uid=0 gid=0
nslcd: [b127f8] <shadow="nameuser"> DEBUG: myldap_search(base="ou=people,dc=domain,dc=com", filter="(&(objectClass=shadowAccount)(uid=username))")
nslcd: [b127f8] <shadow="nameuser"> DEBUG: ldap_result(): uid=username,ou=People,dc=domain,dc=com
nslcd: [b127f8] <shadow="nameuser"> DEBUG: ldap_result(): end of results (1 total)
nslcd: [efd79f] DEBUG: connection from pid=28329 uid=0 gid=0
nslcd: [efd79f] <shadow="nameuser"> DEBUG: myldap_search(base="ou=people,dc=domain,dc=com", filter="(&(objectClass=shadowAccount)(uid=username))")
nslcd: [efd79f] <shadow="nameuser"> DEBUG: ldap_result(): uid=username,ou=People,dc=domain,dc=com
nslcd: [efd79f] <shadow="nameuser"> DEBUG: ldap_result(): end of results (1 total)
nslcd: [a7c4c9] DEBUG: connection from pid=28329 uid=0 gid=0
nslcd: [a7c4c9] <shadow="nameuser"> DEBUG: myldap_search(base="ou=people,dc=domain,dc=com", filter="(&(objectClass=shadowAccount)(uid=username))")
nslcd: [a7c4c9] <shadow="nameuser"> DEBUG: ldap_result(): uid=username,ou=People,dc=domain,dc=com
nslcd: [a7c4c9] <shadow="nameuser"> DEBUG: ldap_result(): end of results (1 total)
nslcd: [68079a] DEBUG: connection from pid=28329 uid=0 gid=0
nslcd: [68079a] <shadow="nameuser"> DEBUG: myldap_search(base="ou=people,dc=domain,dc=com", filter="(&(objectClass=shadowAccount)(uid=username))")
nslcd: [68079a] <shadow="nameuser"> DEBUG: ldap_result(): uid=username,ou=People,dc=domain,dc=com
nslcd: [68079a] <shadow="nameuser"> DEBUG: ldap_result(): end of results (1 total)
nslcd: [6afb66] DEBUG: connection from pid=28329 uid=0 gid=0
nslcd: [6afb66] <shadow="nameuser"> DEBUG: myldap_search(base="ou=people,dc=domain,dc=com", filter="(&(objectClass=shadowAccount)(uid=username))")
nslcd: [6afb66] <shadow="nameuser"> DEBUG: ldap_result(): uid=username,ou=People,dc=domain,dc=com
nslcd: [6afb66] <shadow="nameuser"> DEBUG: ldap_result(): end of results (1 total)
nslcd: [e45d32] DEBUG: connection from pid=28329 uid=0 gid=0
nslcd: [e45d32] <shadow="nameuser"> DEBUG: myldap_search(base="ou=people,dc=domain,dc=com", filter="(&(objectClass=shadowAccount)(uid=username))")
nslcd: [e45d32] <shadow="nameuser"> DEBUG: ldap_result(): uid=username,ou=People,dc=domain,dc=com
nslcd: [e45d32] <shadow="nameuser"> DEBUG: ldap_result(): end of results (1 total)
nslcd: [9b500d] DEBUG: connection from pid=28329 uid=0 gid=0
nslcd: [9b500d] <shadow="nameuser"> DEBUG: myldap_search(base="ou=people,dc=domain,dc=com", filter="(&(objectClass=shadowAccount)(uid=username))")
nslcd: [9b500d] <shadow="nameuser"> DEBUG: ldap_result(): uid=username,ou=People,dc=domain,dc=com
nslcd: [9b500d] <shadow="nameuser"> DEBUG: ldap_result(): end of results (1 total)
nslcd: [1bd7b7] DEBUG: connection from pid=28329 uid=0 gid=0
nslcd: [1bd7b7] <shadow="nameuser"> DEBUG: myldap_search(base="ou=people,dc=domain,dc=com", filter="(&(objectClass=shadowAccount)(uid=username))")
^Cnslcd: caught signal SIGINT (2), shutting down
nslcd: DEBUG: set_socket_timeout(5,0)
nslcd: DEBUG: ldap_unbind()
nslcd: DEBUG: set_socket_timeout(5,0)
nslcd: DEBUG: ldap_unbind()
nslcd: DEBUG: set_socket_timeout(5,0)
nslcd: DEBUG: ldap_unbind()
nslcd: thread 0 is still running, shutting down anyway
nslcd: version 0.9.4 bailing out
Title: Re: nslcd constantly sends queries
Posted by: egor on 05 August 2017, 15:34:14
Hello! Haven't heard from you in a while =) .

In general, it would be good to show nslcd.conf as well, so that there is something to start from. You also hid everyone under the single pseudonym username, to thoroughly confuse everybody. But, in principle, I did not see anything criminal. First all users were found using the passwd filter, and then each user was queried individually for shadow attributes using the shadow filter. In theory nslcd is a caching daemon; apparently it queries the information about each user in order to place it in its cache.

As for zabbix and nouser, it is hard to say. Probably nouser is needed by some program that keeps pestering the nss library, and the user zabbix is needed by zabbix itself. nss_initgroups_ignoreusers only prevents lookups for group membership; lookups of information about the user itself are not prevented. Perhaps the nss_min_uid option will do.

Egor
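
The pattern described in the reply above (one passwd(all) listing followed by a shadow lookup per user, all from the same local pid) can be pulled out of `nslcd -d` output mechanically. This is an added example, not part of the thread: the sample log lines, the user names alice and bob, pid 4100 and the function names are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the format of the nslcd debug output quoted in the thread.
SAMPLE_LOG = """\
nslcd: [8b4567] DEBUG: connection from pid=28329 uid=0 gid=0
nslcd: [8b4567] <passwd(all)> DEBUG: myldap_search(base="ou=people,dc=domain,dc=com", filter="(uidNumber>=1100)")
nslcd: [8b4567] <passwd(all)> DEBUG: ldap_result(): end of results (2 total)
nslcd: [7b23c6] DEBUG: connection from pid=28329 uid=0 gid=0
nslcd: [7b23c6] <shadow="alice"> DEBUG: myldap_search(base="ou=people,dc=domain,dc=com", filter="(uid=alice)")
nslcd: [3c9869] DEBUG: connection from pid=28329 uid=0 gid=0
nslcd: [3c9869] <shadow="bob"> DEBUG: myldap_search(base="ou=people,dc=domain,dc=com", filter="(uid=bob)")
nslcd: [334873] DEBUG: connection from pid=4100 uid=106 gid=111
nslcd: [334873] <passwd="zabbix"> DEBUG: myldap_search(base="ou=people,dc=domain,dc=com", filter="(uid=zabbix)")
nslcd: [b0dc51] DEBUG: connection from pid=4100 uid=106 gid=111
nslcd: [b0dc51] <passwd="zabbix"> DEBUG: myldap_search(base="ou=people,dc=domain,dc=com", filter="(uid=zabbix)")
"""

CONN_RE = re.compile(r"\[(?P<cid>[0-9a-f]+)\] DEBUG: connection from pid=(?P<pid>\d+) uid=(?P<uid>\d+)")
SEARCH_RE = re.compile(r"\[(?P<cid>[0-9a-f]+)\] <(?P<req>[^>]+)> DEBUG: myldap_search\(")
# Request label: passwd(all), shadow="name", passwd=1000, group/member="name", ...
REQ_RE = re.compile(r'(?P<kind>[a-z/]+)(?:\(all\)|="?(?P<target>[^"]*)"?)')


def parse_requests(log_text):
    """Return one (pid, uid, kind, target) per LDAP search; target is None for (all)."""
    clients = {}   # bracketed request id -> (pid, uid) of the local caller
    requests = []
    for line in log_text.splitlines():
        m = CONN_RE.search(line)
        if m:
            clients[m["cid"]] = (int(m["pid"]), int(m["uid"]))
            continue
        m = SEARCH_RE.search(line)
        if m and m["cid"] in clients:
            req = REQ_RE.fullmatch(m["req"])
            if req:
                pid, uid = clients[m["cid"]]
                requests.append((pid, uid, req["kind"], req["target"]))
    return requests


def summarize(requests):
    """Count searches per calling pid, split into full listings and keyed lookups."""
    per_pid = defaultdict(Counter)
    for pid, _uid, kind, target in requests:
        per_pid[pid][kind + ("(all)" if target is None else "(by key)")] += 1
    return {pid: dict(counts) for pid, counts in per_pid.items()}


def enumerating_pids(requests, min_followups=2):
    """Pids that ran passwd(all) and then queried shadow data for several distinct users."""
    listed, followups = set(), defaultdict(set)
    for pid, _uid, kind, target in requests:
        if kind == "passwd" and target is None:
            listed.add(pid)
        elif kind == "shadow" and target is not None and pid in listed:
            followups[pid].add(target)
    return sorted(p for p in listed if len(followups[p]) >= min_followups)


if __name__ == "__main__":
    reqs = parse_requests(SAMPLE_LOG)
    print(summarize(reqs))
    print("enumerating pids:", enumerating_pids(reqs))
```

On the affected host, a reported pid can be mapped to a program with `ps -p <pid> -o comm=` while that process is still running.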