QNAP authenticating WebDAV over OpenLDAP works, but syslog on ldap server is flooded

Question

We have a QNAP QTS TS-451U version 4.3.3.0.229, we have an openLDAP server running version v. 2.4.40 (on Debian 8 server).

I can log in to the web interface with my LDAP user, and I can connect to the NAS using WebDAV (from windows, linux and mac), and that seems fine, (also using LDAP user) but maybe a little slow... The problem is that syslog on the openLDAP server gets 1500 log entries per second! So, I am afraid that if I scale up this system the LDAP server will die on me. The log looks like this:

Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080615 SRCH base="ou=Groups,dc=mycompany,dc=net" scope=1 deref=0 filter="(&(objectClass=posixGroup)(memberUid=admin))"
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080615 SRCH attr=gidNumber
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080615 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080616 SRCH base="ou=Groups,dc=mycompany,dc=net" scope=1 deref=0 filter="(&(objectClass=posixGroup)(memberUid=admin))"
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080616 SRCH attr=gidNumber
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080616 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080617 SRCH base="ou=Groups,dc=mycompany,dc=net" scope=1 deref=0 filter="(&(objectClass=posixGroup)(memberUid=admin))"
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080617 SRCH attr=gidNumber
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080617 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080618 SRCH base="ou=Groups,dc=mycompany,dc=net" scope=1 deref=0 filter="(&(objectClass=posixGroup)(memberUid=admin))"
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080618 SRCH attr=gidNumber
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080618 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080619 SRCH base="ou=Groups,dc=mycompany,dc=net" scope=1 deref=0 filter="(&(objectClass=posixGroup)(memberUid=admin))"
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080619 SRCH attr=gidNumber
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080619 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080620 SRCH base="ou=Groups,dc=mycompany,dc=net" scope=1 deref=0 filter="(&(objectClass=posixGroup)(memberUid=admin))"
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080620 SRCH attr=gidNumber
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080620 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080621 SRCH base="ou=Groups,dc=mycompany,dc=net" scope=1 deref=0 filter="(&(objectClass=posixGroup)(memberUid=admin))"
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080621 SRCH attr=gidNumber
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080621 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080622 SRCH base="ou=Groups,dc=mycompany,dc=net" scope=1 deref=0 filter="(&(objectClass=posixGroup)(memberUid=admin))"
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080622 SRCH attr=gidNumber
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080622 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080623 SRCH base="ou=Groups,dc=mycompany,dc=net" scope=1 deref=0 filter="(&(objectClass=posixGroup)(memberUid=admin))"
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080623 SRCH attr=gidNumber
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080623 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080624 SRCH base="ou=Groups,dc=mycompany,dc=net" scope=1 deref=0 filter="(&(objectClass=posixGroup)(memberUid=admin))"
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080624 SRCH attr=gidNumber
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080624 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080625 SRCH base="ou=Groups,dc=mycompany,dc=net" scope=1 deref=0 filter="(&(objectClass=posixGroup)(memberUid=admin))"
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080625 SRCH attr=gidNumber
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080625 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080626 SRCH base="ou=Groups,dc=mycompany,dc=net" scope=1 deref=0 filter="(&(objectClass=posixGroup)(memberUid=admin))"
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080626 SRCH attr=gidNumber
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080626 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080627 SRCH base="ou=Groups,dc=mycompany,dc=net" scope=1 deref=0 filter="(&(objectClass=posixGroup)(memberUid=admin))"
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080627 SRCH attr=gidNumber
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080627 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080628 SRCH base="ou=Groups,dc=mycompany,dc=net" scope=1 deref=0 filter="(&(objectClass=posixGroup)(memberUid=admin))"
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080628 SRCH attr=gidNumber
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080628 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080629 SRCH base="ou=Groups,dc=mycompany,dc=net" scope=1 deref=0 filter="(&(objectClass=posixGroup)(memberUid=admin))"
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080629 SRCH attr=gidNumber
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080629 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080630 SRCH base="ou=Groups,dc=mycompany,dc=net" scope=1 deref=0 filter="(&(objectClass=posixGroup)(memberUid=admin))"
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080630 SRCH attr=gidNumber
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080630 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080631 SRCH base="ou=Groups,dc=mycompany,dc=net" scope=1 deref=0 filter="(&(objectClass=posixGroup)(memberUid=admin))"
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080631 SRCH attr=gidNumber
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080631 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080632 SRCH base="ou=Groups,dc=mycompany,dc=net" scope=1 deref=0 filter="(&(objectClass=posixGroup)(memberUid=admin))"
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080632 SRCH attr=gidNumber
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080632 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080633 SRCH base="ou=Groups,

I have talked to QNAP support for a couple weeks, but they do not seem to be able to help me.

Maybe you can help?

Extra Note:

If I log in with a local user, WebDAV is much faster, for exmple, I browsed in the explore rand it took 5 seconds with a local user, the same path with an LDAP user took 22 seconds.

but copying a file from my PC to the NAS is about the same speed for both local user and LDAP user.

also, the web-interface is similar speed.. it seems that the worst part is browsing in WebDAV with LDAP user.

SamErde · Answer 1 · 2017-07-06T19:14:10.990

2

What level are you syslog messages filtered at? My guess is that your syslog filter is set to level 4 or higher in the QNAP settings. Try changing this to 3 (error) or 2 (critical) so it logs fewer events. You can also use the filter to ignore specific events. QNAP shows step-by-step instructions on their docs site, along with a description of each level.

You may also need to change the syslog settings for openldap on your Debian server to only log levels 4 or lower.

edited Jul 06 '17 at 19:14

answered Jul 06 '17 at 19:07

SamErde

3,324
3
23
42

Thank you will certainly look into those excellent ideas! – Sverre Jul 07 '17 at 20:07
Thanks again, I am sorry I was away from work a few days, so did not have time to test your case. you seem to have gotten half the bonus, so that is nice for you :-) I did look at your case, but could NOT find a way to set the sysloglevel to 2... could not find it anywhere. I DID find the filder, but it does not say anywhere how it works.. so if I for example filder all greater than ERROR... does that mean that I will see the critical messages, or NOT see the critical messages? in any event, I can not seem to make it change the behavior of my syslog on the LDAP server. – Sverre Jul 12 '17 at 14:48

QNAP authenticating WebDAV over OpenLDAP works, but syslog on ldap server is flooded

1 Answers1