Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cron.php generates gygabites of traffic from LDAP server #22101

Closed
pacija opened this issue Aug 4, 2020 · 5 comments
Closed

cron.php generates gygabites of traffic from LDAP server #22101

pacija opened this issue Aug 4, 2020 · 5 comments
Labels
0. Needs triage Pending check for reproducibility or if it fits our roadmap bug feature: ldap

Comments

@pacija
Copy link

pacija commented Aug 4, 2020

Hi,

I have recently noticed a huge spike in traffic (more than 1Gb each 5 minutes) between nextcloud and LDAP server. This stopped after disabling cron (run from system's crontab).

What would be the reason for nextcloud to start requesting so much data from Active Directory? Could this be a bug?

OS: FreeBSD 12.1-RELEASE (both host and jail)
Nextcloud: 19.0.1

Thank you in advance,
@pacija pacija added 0. Needs triage Pending check for reproducibility or if it fits our roadmap bug labels Aug 4, 2020
@kesselb
Copy link
Contributor

kesselb commented Aug 4, 2020

Sounds similar to #15171.

cc @nextcloud/ldap

@YeroDog
Copy link

YeroDog commented Aug 17, 2020

Same Problem (like in #15171), it's a fresh 19.0.1 installation.
Around ~1500 user, ldap auth against an UNIVENTION Server (UCS).

The cron runs via crontab every 15 minutes but after several hours i notice a second (or even third) cron.php.

It has an impact on cpu time and also generates a lot of internal traffic, around 17mbps.

I can't say exactly when it occurs, but after a restart I have about half a day until it starts again to generate this unusual traffic.

@pacija
Copy link
Author

pacija commented Aug 17, 2020

As for my problem, I have solved it by changing manual LDAP filters which were carried over from OwnCloud installation years ago.

My LDAP server is Active Directory.

Unfortunately I don't have old filters, but new ones are almost identical to ones in official documentation.

Users:

(&(objectclass=organizationalPerson)(memberof=CN=owncloud_users,OU=Groups,DC=example,DC=org))

Login Attributes:

(&(objectclass=organizationalPerson)(memberof=CN=owncloud_users,OU=Groups,DC=example,DC=org)(samaccountname=%uid))

Old filters didn't cause excessive traffic before.

@peschuster
Copy link

I have the same issue.
What I found out is that NC searches for a user with a base DN of my groups:

initializing paged search for filter member=cn=<DN of user>, base ou=<base DN of groups>, attr ["member","cn","dn"], limit 100, offset 3865510200

This seems to happen in an endless loop.
Any idea where this query comes from?
My logs we're completely flooded with this line, so I don't have any context, a part from it being triggered by cron.php

@q-wertz q-wertz mentioned this issue Oct 1, 2020
Closed
@szaimen
Copy link
Contributor

szaimen commented Jun 9, 2021

Let us track this in #15171

@szaimen szaimen closed this as completed Jun 9, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
0. Needs triage Pending check for reproducibility or if it fits our roadmap bug feature: ldap
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@peschuster @blizzz @kesselb @pacija @szaimen @YeroDog