Sssd experts,
Our AD team is complaining that their AD controllers in our more
densely-populated datacenters are getting overloaded (up to 5K concurrent
LDAP connections per AD DC).
They find that 90% of the LDAP queries come from Linux servers -- which is
surprising as Linux servers are < 50% of the resident population.
We had previously found a coding bug in a vendor’s cron job that was
generating a lot of unnecessary LDAP queries. That cybersecurity
monitoring software was on every Linux server, so it led to a thundering
herd problem when the cron job would kick off on every Linux server.
That thundering herd problem has been remediated, but we suspect something
similar is occurring now. We’d like to see what LDAP queries are being
executed by several random Linux servers, but we’ve had negative
experiences leaving sssd debug_level = 9 on for several days (it fills up
the /var/log filesystem after a few days).
I read in the sssd-ldap man page:

    ldap_library_debug_level (integer)
        Switches on libldap debugging with the given level. The libldap
        debug messages will be written independent of the general
        debug_level.

        OpenLDAP uses a bitmap to enable debugging for specific
        components, -1 will enable full debug output.

        Default: 0 (libldap debugging disabled)

This seems to be exactly what we want! We want to see what LDAP queries
are being executed without all the other massive logging that arises from
debug_level 9.
However, I cannot find these bitmap values of debug levels for the openldap
library. The most I can find is bitmapped debug values for a stand-alone
slapd daemon.
OpenLDAP debug level - Knowledge Base / Community - Univention Help
<https://help.univention.com/t/openldap-debug-level/19301>
Where may I find the documentation of the bitmapped debug values that can
be set via ldap_library_debug_level?
Spike White
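
Added example, not part of the original message and not sssd project code: one way to approach the stated goal of seeing which LDAP searches a server issues is to tally search lines from an sssd domain log by filter shape and by minute, so that a herd-style burst stands out. The log line format, the sample lines, the domain example.com and the names `filter_shape` and `summarize` are assumptions constructed for illustration.

```python
import re
from collections import Counter

# ASSUMED line format (not taken from the original message):
# (<date> <time>): [be[<domain>]] [<function>] (<level>): calling ldap_search_ext with [<filter>][<base>].
SEARCH_RE = re.compile(
    r"^\((?P<minute>\d{4}-\d{2}-\d{2} \d{2}:\d{2}):\d{2}\).*"
    r"calling ldap_search_ext with \[(?P<filter>.*)\]\[(?P<base>[^\]]*)\]"
)
# One simple assertion such as (uid=jdoe) or (uidNumber>=1000).
ASSERTION_RE = re.compile(r"\(([^=()<>~]+)([<>~]?=)([^()]*)\)")

def filter_shape(ldap_filter):
    """Mask assertion values so lookups for different users share one shape."""
    def mask(m):
        attr, op, value = m.groups()
        # objectClass values and presence tests (=*) describe the query type; keep them.
        if attr.lower() == "objectclass" or value == "*":
            return m.group(0)
        return f"({attr}{op}?)"
    return ASSERTION_RE.sub(mask, ldap_filter)

def summarize(lines):
    """Return (searches per (shape, base), searches per minute)."""
    shapes, per_minute = Counter(), Counter()
    for line in lines:
        m = SEARCH_RE.search(line)
        if m:
            shapes[(filter_shape(m["filter"]), m["base"])] += 1
            per_minute[m["minute"]] += 1
    return shapes, per_minute

# Constructed sample log lines for a hypothetical domain example.com.
P = "[be[example.com]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with "
SAMPLE = [
    "(2024-03-01 02:00:01): " + P + "[(&(uid=alice)(objectclass=user))][dc=example,dc=com].",
    "(2024-03-01 02:00:01): " + P + "[(&(uid=bob)(objectclass=user))][dc=example,dc=com].",
    "(2024-03-01 02:00:02): [be[example.com]] [some_other_function] (0x4000): unrelated trace message",
    "(2024-03-01 02:00:03): " + P + "[(&(gidNumber=1001)(objectclass=group))][dc=example,dc=com].",
    "(2024-03-01 02:07:40): " + P + "[(&(uid=carol)(objectclass=user))][dc=example,dc=com].",
]

if __name__ == "__main__":
    shapes, per_minute = summarize(SAMPLE)
    for (shape, base), n in shapes.most_common():
        print(f"{n:6d}  {shape}  base={base}")
    for minute, n in sorted(per_minute.items()):
        print(f"{minute}  {n} searches")
```
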
--
_______________________________________________
sssd-users mailing list -- [email protected]