sshd repeated polling for non-local uidNumber?
- From: Dave Sclarsky <dsclarsky [at] netquestcorp.com>
- To: "nss-pam-ldapd-users [at] lists.arthurdejong.org" <nss-pam-ldapd-users [at] lists.arthurdejong.org>
- Subject: sshd repeated polling for non-local uidNumber?
- Date: Fri, 15 May 2020 15:16:04 +0000
Hi,
I'm setting up an "embedded" device to use LDAP via PAM, and luckily found nss-pam-ldap; it was a lifesaver!
One thing I noticed is that if a user logs in via ssh and is authenticated via LDAP, we see repeated queries to the LDAP server as shown below, but only if the uidNumber in the LDAP database is not present in the local Linux password database. The repeated polling seems to happen once a minute if the user is idle at a shell prompt, and will also happen when they enter certain commands (e.g. ps).
Here's output from nslcd -d showing the poll:
nslcd: [0e0f76] DEBUG: connection from pid=27529 uid=0 gid=0
nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable
nslcd: [0e0f76] <passwd=1000001> DEBUG: myldap_search(base="ou=software,dc=mycorp,dc=com", filter="(&(objectClass=posixAccount)(uidNumber=1000001))")
nslcd: [0e0f76] <passwd=1000001> DEBUG: ldap_result(): uid=labuser,ou=software,dc=mycorp,dc=com
nslcd: [0e0f76] <passwd=1000001> DEBUG: ldap_result(): end of results (1 total)
The "1000001" is the uidNumber provisioned for the user named "labuser".
The pid requesting the connection is different on each request and is ephemeral, so I cannot see which application is making the request.
Can you tell me if I have something misconfigured, or is this considered normal, or...?
Thanks in advance,
DaveS.
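
Added example, not part of the original post and not nss-pam-ldapd code: a small Python parser that groups nslcd -d lines like those above by their bracketed tag, so that each passwd lookup is tied to the pid and uid of the connecting process and repeated lookups of one key can be counted. It assumes the bracketed tag identifies one connection, as in the posted output; the second request in the sample is constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# The nslcd -d output quoted in the post.
POSTED = '''nslcd: [0e0f76] DEBUG: connection from pid=27529 uid=0 gid=0
nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable
nslcd: [0e0f76] <passwd=1000001> DEBUG: myldap_search(base="ou=software,dc=mycorp,dc=com", filter="(&(objectClass=posixAccount)(uidNumber=1000001))")
nslcd: [0e0f76] <passwd=1000001> DEBUG: ldap_result(): uid=labuser,ou=software,dc=mycorp,dc=com
nslcd: [0e0f76] <passwd=1000001> DEBUG: ldap_result(): end of results (1 total)
'''
# Constructed for this example: a second poll from a different short-lived pid.
CONSTRUCTED = '''nslcd: [a1b2c3] DEBUG: connection from pid=27561 uid=0 gid=0
nslcd: [a1b2c3] <passwd=1000001> DEBUG: myldap_search(base="ou=software,dc=mycorp,dc=com", filter="(&(objectClass=posixAccount)(uidNumber=1000001))")
nslcd: [a1b2c3] <passwd=1000001> DEBUG: ldap_result(): uid=labuser,ou=software,dc=mycorp,dc=com
nslcd: [a1b2c3] <passwd=1000001> DEBUG: ldap_result(): end of results (1 total)
'''

# "nslcd: [tag] <request> DEBUG: message"; the <request> part is optional.
LINE = re.compile(
    r'^nslcd: \[(?P<tag>[0-9a-f]+)\] (?:<(?P<req>[^>]*)> )?DEBUG: (?P<msg>.*)$')
CONN = re.compile(r'connection from pid=(\d+) uid=(\d+) gid=(\d+)')
END = re.compile(r'ldap_result\(\): end of results \((\d+) total\)')


def correlate(text):
    """Group tagged debug lines into one record per connection tag."""
    sessions = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # untagged lines, e.g. the accept() notice
        rec = sessions.setdefault(
            m['tag'], {'pid': None, 'uid': None, 'request': None, 'results': None})
        conn = CONN.search(m['msg'])
        if conn:
            rec['pid'], rec['uid'] = int(conn[1]), int(conn[2])
        if m['req']:
            rec['request'] = m['req']  # e.g. "passwd=1000001"
        end = END.search(m['msg'])
        if end:
            rec['results'] = int(end[1])
    return sessions


def lookups_per_key(sessions):
    """Count connections per lookup key to expose repeated polling."""
    return Counter(r['request'] for r in sessions.values() if r['request'])
```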