AD Infrastructure seeing high traffic of ldap query from sssd on RHEL7
Issue
The customer observed a spike in traffic to their AD environment. The majority of the clients identified were RHEL7 servers. The customer noted the following errors in the sssd logs, which point to a long LDAP query being run:
(Sat May 26 17:45:29 2018) [sssd[be[EXAMPLE.COM]]] [sdap_posix_check_next] (0x0400): Searching for POSIX attributes with base [DC=nam,DC=nsroot,DC=net]
(Sat May 26 17:45:29 2018) [sssd[be[EXAMPLE.COM]]] [sdap_print_server] (0x2000): Searching 168.72.67.31:389
(Sat May 26 17:45:29 2018) [sssd[be[EXAMPLE.COM]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(|(&(uidNumber=*)(objectclass=user))(&(gidNumber=*)(objectclass=group)))][DC=nam,DC=nsroot,DC=net].
(Sat May 26 17:45:29 2018) [sssd[be[EXAMPLE.COM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectclass]
(Sat May 26 17:45:29 2018) [sssd[be[EXAMPLE.COM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uidNumber]
(Sat May 26 17:45:29 2018) [sssd[be[EXAMPLE.COM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gidNumber]
(Sat May 26 17:45:29 2018) [sssd[be[EXAMPLE.COM]]] [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 6
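Added example, not part of the original article or of sssd: a small Python parser for sssd domain log lines in the format quoted above. It picks out each POSIX-attribute check, pairs it with the server and the search filter that follow it, and counts the checks per domain, search base and server. The function names are hypothetical, and the sample lines after the first three are constructed.

```python
import re
from collections import Counter

# Tolerates both "[sssd[be[DOM]]] [func]" and a truncated "[sssd[be[DOM [func]" form.
LINE = re.compile(r"^\((?P<ts>[^)]+)\) \[sssd\[be\[(?P<dom>[^\]\s]+)\]*\s+"
                  r"\[(?P<fn>\w+)\] \(0x[0-9a-fA-F]+\): (?P<msg>.*)$")
POSIX = re.compile(r"Searching for POSIX attributes with base \[(?P<base>[^\]]+)\]")
SERVER = re.compile(r"Searching (?P<server>\S+:\d+)$")
SEARCH = re.compile(r"calling ldap_search_ext with \[(?P<filter>.+)\]\[(?P<base>[^\]]+)\]\.?$")

def find_posix_checks(lines):
    """Return one dict per POSIX-attribute check: ts, domain, base, server, filter."""
    checks, cur = [], None
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue
        fn, msg = m["fn"], m["msg"]
        if fn == "sdap_posix_check_next" and (p := POSIX.search(msg)):
            cur = {"ts": m["ts"], "domain": m["dom"], "base": p["base"],
                   "server": None, "filter": None}
            checks.append(cur)
        elif cur and cur["domain"] == m["dom"]:
            if fn == "sdap_print_server" and (s := SERVER.search(msg)):
                cur["server"] = s["server"]
            elif fn == "sdap_get_generic_ext_step" and (q := SEARCH.search(msg)):
                if q["base"] == cur["base"]:
                    cur["filter"] = q["filter"]
                cur = None  # later searches belong to other requests
    return checks

def count_by_target(checks):
    """Count checks per (domain, search base, server) to show where the load lands."""
    return Counter((c["domain"], c["base"], c["server"]) for c in checks)

# Constructed sample: the first three lines follow the excerpt above, the rest are invented.
P = "[sssd[be[EXAMPLE.COM]]]"
BASE = "DC=nam,DC=nsroot,DC=net"
FILTER = "(|(&(uidNumber=*)(objectclass=user))(&(gidNumber=*)(objectclass=group)))"
SAMPLE = [
    f"(Sat May 26 17:45:29 2018) {P} [sdap_posix_check_next] (0x0400): Searching for POSIX attributes with base [{BASE}]",
    f"(Sat May 26 17:45:29 2018) {P} [sdap_print_server] (0x2000): Searching 168.72.67.31:389",
    f"(Sat May 26 17:45:29 2018) {P} [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [{FILTER}][{BASE}].",
    f"(Sat May 26 17:45:30 2018) {P} [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(uid=jdoe)(objectclass=user))][{BASE}].",
    f"(Sat May 26 18:02:11 2018) {P} [sdap_posix_check_next] (0x0400): Searching for POSIX attributes with base [{BASE}]",
    f"(Sat May 26 18:02:11 2018) {P} [sdap_print_server] (0x2000): Searching 168.72.67.31:389",
    f"(Sat May 26 18:02:11 2018) {P} [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [{FILTER}][{BASE}].",
]

if __name__ == "__main__":
    for target, n in count_by_target(find_posix_checks(SAMPLE)).items():
        print(n, *target)
```

Run over the domain logs collected from many clients, the per-target counts show which search base and which domain controller receive the subtree search.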
Environment
Red Hat Enterprise Linux 7.4