OpenNMS / NMS-8891

LDAPMonitor causes Errors in ldap logfiles


    Details

      Description

      A customer called me because a division of his company informed him
      that they found many errors in the log files of their LDAP installation caused by OpenNMS.
      The messages are like this:
      2016-08-12T14:06:26.845241+2:00 GLPSRV044W Client connection from 999.999.999.999 bound as NULL closed by server. # xxxx.yyyy.com
      After a little bit of research I found that this error is recorded every time someone logs in and logs out immediately without doing any LDAP operations.
      I set up my own testing environment with OpenNMS 18.0.2 and OpenLDAP 2.4.31 and found similar entries in the log.
      Nov 14 12:14:15 ubuntuserver slapd[920]: conn=1016 fd=13 ACCEPT from IP=172.16.3.47:51262 (IP=0.0.0.0:389)
      Nov 14 12:14:15 ubuntuserver slapd[920]: conn=1016 fd=13 closed (connection lost)
      Nov 14 12:14:15 ubuntuserver slapd[920]: conn=1017 fd=13 ACCEPT from IP=172.16.3.47:51264 (IP=0.0.0.0:389)
      Nov 14 12:14:15 ubuntuserver slapd[920]: conn=1017 op=0 SRCH base="dc=example,dc=net,ou=users" scope=1 deref=0 filter="(uid=testaccount)"
      Nov 14 12:14:15 ubuntuserver slapd[920]: conn=1017 op=0 SRCH attr=1.1
      Nov 14 12:14:15 ubuntuserver slapd[920]: conn=1017 op=0 SEARCH RESULT tag=101 err=32 nentries=0 text=
      Nov 14 12:14:15 ubuntuserver slapd[920]: conn=1017 fd=13 closed (connection lost)
      Nov 14 12:14:45 ubuntuserver slapd[920]: conn=1018 fd=13 ACCEPT from IP=172.16.3.47:51282 (IP=0.0.0.0:389)
      Nov 14 12:14:45 ubuntuserver slapd[920]: conn=1018 fd=13 closed (connection lost)
      Nov 14 12:14:45 ubuntuserver slapd[920]: conn=1019 fd=20 ACCEPT from IP=172.16.3.47:51284 (IP=0.0.0.0:389)
      Nov 14 12:14:45 ubuntuserver slapd[920]: conn=1019 op=0 SRCH base="dc=example,dc=net,ou=users" scope=1 deref=0 filter="(uid=testaccount)"
      Nov 14 12:14:45 ubuntuserver slapd[920]: conn=1019 op=0 SRCH attr=1.1
      Nov 14 12:14:45 ubuntuserver slapd[920]: conn=1019 op=0 SEARCH RESULT tag=101 err=32 nentries=0 text=
      Nov 14 12:14:45 ubuntuserver slapd[920]: conn=1019 fd=20 closed (connection lost)

      With the hint from the documentation
      "The LDAP monitor first tries to establish a TCP connection on the specified port. Then, if it succeeds, it will attempt to establish an LDAP connection and do a simple search."
      I looked in the source code of OpenNMS and found the place where a simple port check is done (like TCP monitor).
      After commenting this out, there are no entries for the additional connection in the logs, and the error in the LDAP installation of our customer disappeared.

      Is it possible to take the change over into the official source code?
      I see no purpose for the first check. If someone wants this information it could be reproduced with the tcp monitor.

      I add the changed file (opennms/opennms-services/src/main/java/org/opennms/netmgt/poller/monitors/LdapMonitor.java) and a compiled version for OpenNMS 18.0.2.
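
An LDAP administrator can confirm which clients produce these empty connections from the slapd log itself. The following is an added example, not part of the original report and not OpenNMS code: it groups slapd lines by conn= id and reports connections that were accepted and closed without any op= line, counted per source address. The function name is hypothetical, and the sample reuses lines from the excerpt above plus one constructed line (conn=1020) for a connection that is still open.

```python
import re
from collections import Counter

# Sample: lines from the report's slapd excerpt, plus one constructed line
# (conn=1020) showing a connection that has not been closed yet.
SAMPLE_LOG = """\
Nov 14 12:14:15 ubuntuserver slapd[920]: conn=1016 fd=13 ACCEPT from IP=172.16.3.47:51262 (IP=0.0.0.0:389)
Nov 14 12:14:15 ubuntuserver slapd[920]: conn=1016 fd=13 closed (connection lost)
Nov 14 12:14:15 ubuntuserver slapd[920]: conn=1017 fd=13 ACCEPT from IP=172.16.3.47:51264 (IP=0.0.0.0:389)
Nov 14 12:14:15 ubuntuserver slapd[920]: conn=1017 op=0 SRCH base="dc=example,dc=net,ou=users" scope=1 deref=0 filter="(uid=testaccount)"
Nov 14 12:14:15 ubuntuserver slapd[920]: conn=1017 op=0 SEARCH RESULT tag=101 err=32 nentries=0 text=
Nov 14 12:14:15 ubuntuserver slapd[920]: conn=1017 fd=13 closed (connection lost)
Nov 14 12:14:45 ubuntuserver slapd[920]: conn=1018 fd=13 ACCEPT from IP=172.16.3.47:51282 (IP=0.0.0.0:389)
Nov 14 12:14:45 ubuntuserver slapd[920]: conn=1018 fd=13 closed (connection lost)
Nov 14 12:15:02 ubuntuserver slapd[920]: conn=1020 fd=21 ACCEPT from IP=172.16.3.90:40112 (IP=0.0.0.0:389)
"""

CONN_RE = re.compile(r"slapd\[\d+\]: conn=(\d+) (.*)$")
ACCEPT_RE = re.compile(r"ACCEPT from IP=(\S+):(\d+) ")

def empty_connections(log_text):
    """Return (conn ids, per-source Counter) for connections that were
    accepted and closed with no LDAP operation (op=N line) in between."""
    conns = {}  # conn id -> {"src": str, "op_lines": int, "closed": bool}
    for line in log_text.splitlines():
        m = CONN_RE.search(line)
        if not m:
            continue  # not a slapd connection line
        conn_id, rest = int(m.group(1)), m.group(2)
        accept = ACCEPT_RE.search(rest)
        if accept:
            # A new ACCEPT for an id always starts a fresh record.
            conns[conn_id] = {"src": accept.group(1), "op_lines": 0, "closed": False}
            continue
        state = conns.get(conn_id)
        if state is None:
            continue  # ACCEPT is outside the log window, source unknown
        if rest.startswith("op="):
            state["op_lines"] += 1
        elif " closed" in rest:
            state["closed"] = True
    empty = sorted(c for c, s in conns.items()
                   if s["closed"] and s["op_lines"] == 0)
    return empty, Counter(conns[c]["src"] for c in empty)

if __name__ == "__main__":
    ids, by_source = empty_connections(SAMPLE_LOG)
    print("connections closed without any operation:", ids)
    print("per source address:", dict(by_source))
```

A source address that accounts for one empty connection per polling interval, each followed by a connection that does perform a search, matches the two-step behaviour quoted from the documentation.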

            People

            • Assignee:
              indigo Ronny Trommer
              Reporter:
              AndreasFuchs Andreas Fuchs