LDAPMonitor causes Errors in ldap logfiles

Description

A customer called me because a division of his company informed him
that they found many errors in the log files of their LDAP installation caused by OpenNMS.
The messages look like this:
2016-08-12T14:06:26.845241+2:00 GLPSRV044W Client connection from 999.999.999.999 bound as NULL closed by server. # xxxx.yyyy.com
After a little research, I found that this error is recorded every time someone logs in and logs out immediately without doing any LDAP operations.
I set up my own test environment with OpenNMS 18.0.2 and OpenLDAP 2.4.31 and found similar entries in the log.
Nov 14 12:14:15 ubuntuserver slapd[920]: conn=1016 fd=13 ACCEPT from IP=172.16.3.47:51262 (IP=0.0.0.0:389)
Nov 14 12:14:15 ubuntuserver slapd[920]: conn=1016 fd=13 closed (connection lost)
Nov 14 12:14:15 ubuntuserver slapd[920]: conn=1017 fd=13 ACCEPT from IP=172.16.3.47:51264 (IP=0.0.0.0:389)
Nov 14 12:14:15 ubuntuserver slapd[920]: conn=1017 op=0 SRCH base="dc=example,dc=net,ou=users" scope=1 deref=0 filter="(uid=testaccount)"
Nov 14 12:14:15 ubuntuserver slapd[920]: conn=1017 op=0 SRCH attr=1.1
Nov 14 12:14:15 ubuntuserver slapd[920]: conn=1017 op=0 SEARCH RESULT tag=101 err=32 nentries=0 text=
Nov 14 12:14:15 ubuntuserver slapd[920]: conn=1017 fd=13 closed (connection lost)
Nov 14 12:14:45 ubuntuserver slapd[920]: conn=1018 fd=13 ACCEPT from IP=172.16.3.47:51282 (IP=0.0.0.0:389)
Nov 14 12:14:45 ubuntuserver slapd[920]: conn=1018 fd=13 closed (connection lost)
Nov 14 12:14:45 ubuntuserver slapd[920]: conn=1019 fd=20 ACCEPT from IP=172.16.3.47:51284 (IP=0.0.0.0:389)
Nov 14 12:14:45 ubuntuserver slapd[920]: conn=1019 op=0 SRCH base="dc=example,dc=net,ou=users" scope=1 deref=0 filter="(uid=testaccount)"
Nov 14 12:14:45 ubuntuserver slapd[920]: conn=1019 op=0 SRCH attr=1.1
Nov 14 12:14:45 ubuntuserver slapd[920]: conn=1019 op=0 SEARCH RESULT tag=101 err=32 nentries=0 text=
Nov 14 12:14:45 ubuntuserver slapd[920]: conn=1019 fd=20 closed (connection lost)

With the hint from the documentation:
"The LDAP monitor first tries to establish a TCP connection on the specified port. Then, if it succeeds, it will attempt to establish an LDAP connection and do a simple search."
I looked in the source code of OpenNMS and found the place where a simple port check is done (like the TCP monitor).
After commenting this out, there are no entries for the additional connection in the logs, and the error in our customer's LDAP installation disappeared.

Is it possible to take this change over into the official source code?
I see no purpose for the first check. If someone wants this information, it could be reproduced with the TCP monitor.

I have attached the changed file (opennms/opennms-services/src/main/java/org/opennms/netmgt/poller/monitors/LdapMonitor.java) and a compiled version for OpenNMS 18.0.2.

Environment

Ubuntu 14.04.5 LTS server with OpenLDAP 2.4.31
Ubuntu 16.0.4 LTS server with OpenNMS 18.0.2

Acceptance / Success Criteria

None

Attachments

2
  • 14 Nov 2016, 08:34 AM
  • 14 Nov 2016, 08:34 AM

Fixed

Created November 14, 2016 at 8:34 AM
Updated August 7, 2018 at 3:37 PM
Resolved August 7, 2018 at 3:37 PM
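
Added example (not part of the original issue and not OpenNMS code): a small slapd log check that counts, per source IP, the connections that were accepted and closed without any LDAP operation, which is the pattern the monitor's preliminary TCP port check leaves in the log. The sample log is constructed from the lines quoted in the description plus one invented client (172.16.3.90), and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: lines modelled on the report, plus one invented client.
SAMPLE_LOG = """\
Nov 14 12:14:15 ubuntuserver slapd[920]: conn=1016 fd=13 ACCEPT from IP=172.16.3.47:51262 (IP=0.0.0.0:389)
Nov 14 12:14:15 ubuntuserver slapd[920]: conn=1016 fd=13 closed (connection lost)
Nov 14 12:14:15 ubuntuserver slapd[920]: conn=1017 fd=13 ACCEPT from IP=172.16.3.47:51264 (IP=0.0.0.0:389)
Nov 14 12:14:15 ubuntuserver slapd[920]: conn=1017 op=0 SRCH base="dc=example,dc=net,ou=users" scope=1 deref=0 filter="(uid=testaccount)"
Nov 14 12:14:15 ubuntuserver slapd[920]: conn=1017 op=0 SEARCH RESULT tag=101 err=32 nentries=0 text=
Nov 14 12:14:15 ubuntuserver slapd[920]: conn=1017 fd=13 closed (connection lost)
Nov 14 12:14:45 ubuntuserver slapd[920]: conn=1018 fd=13 ACCEPT from IP=172.16.3.47:51282 (IP=0.0.0.0:389)
Nov 14 12:14:45 ubuntuserver slapd[920]: conn=1018 fd=13 closed (connection lost)
Nov 14 12:15:02 ubuntuserver slapd[920]: conn=1020 fd=21 ACCEPT from IP=172.16.3.90:40112 (IP=0.0.0.0:389)
Nov 14 12:15:02 ubuntuserver slapd[920]: conn=1020 op=0 BIND dn="" method=128
Nov 14 12:15:02 ubuntuserver slapd[920]: conn=1020 op=1 UNBIND
Nov 14 12:15:02 ubuntuserver slapd[920]: conn=1020 fd=21 closed
"""

LINE = re.compile(r"slapd\[(?P<pid>\d+)\]: conn=(?P<conn>\d+) (?P<rest>.*)$")
# Source address of an accepted connection (IPv4, or bracketed IPv6).
ACCEPT = re.compile(r"ACCEPT from IP=(?P<ip>\[[^\]]+\]|[^:\s]+):\d+")

def classify(log_text):
    """Group slapd lines per connection: source IP, op line count, closed flag."""
    conns = {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        # conn ids restart with the daemon, so key on (pid, conn).
        c = conns.setdefault((m["pid"], m["conn"]),
                             {"ip": None, "op_lines": 0, "closed": False})
        rest = m["rest"]
        accepted = ACCEPT.search(rest)
        if accepted:
            c["ip"] = accepted["ip"]
        elif rest.startswith("op="):
            c["op_lines"] += 1
        elif "closed" in rest:
            c["closed"] = True
    return conns

def probe_only_by_source(log_text):
    """Count connections per source IP that closed without any LDAP operation."""
    return Counter(c["ip"] for c in classify(log_text).values()
                   if c["ip"] and c["closed"] and c["op_lines"] == 0)

if __name__ == "__main__":
    print(probe_only_by_source(SAMPLE_LOG))
```

A steady count from the monitoring host's address at the polling interval points to the port check rather than to a failing LDAP client.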
