Anyone ever encountered some open ended ldap searches that look for a cn of "anyuser" ... Has anyone ever seen this? Curious minds want to know.
#Unix LDAP and strange searches...
junior pumice
nova narwhal
sure, if a Windows user with the same name accesses a unix-style volume? or maybe anyuser was set as default user name somewhere?
pastel siren
This is a generic search done by ONTAP to verify the LDAP configuration. You can also run it manually with the "vserver services name-service ldap check" command.
https://docs.netapp.com/us-en/ontap-cli-9131/vserver-services-name-service-ldap-check.html
junior pumice
This is a generic search done by ONTAP to verify the LDAP configuration. You ca...
So you are saying anytime I run the ldap check -vserver svm it is going to send 'anyuser' specifically to the ldap provider?
pastel siren
Sorry, I will look to verify the ONTAP versions this is seen in tomorrow and report back, as I believe it was changed in more recent versions. What version are you seeing this on?
junior pumice
Sorry, I will look to verify the ONTAP versions this is seen in tomorrow and rep...
9.10
charred gust
bump
pastel siren
Looking into this, the LDAP query for "anyuser" should be done when a cached LDAP connection is available for an SVM, to validate that the connection is still alive. The frequency of these queries will vary depending on the need for LDAP for name mapping and other lookups, and, if any cached connections exist when the lookups are attempted, which can be difficult to predict with the different caches, and the fact that they are driven by user activity.
charred gust
I just don't know how to confirm the 10000's of requests for that user account. We are in the middle of an LDAP provider cutover, so the caches are being invalidated at that time (flushed).