slapd error message in /var/log/messages
while examining the /var/log/messages, found this error:
2015-06-02T09:30:05.961652-07:00 JohnMeister slapd[1292]: conn=262943 op=0 do_extended: unsupported operation "1.3.6.1.4.1.1466.20037"
------------------------------------------------
--> sudo cat /var/log/messages | grep "slapd" | more
2015-06-02T09:30:05.961652-07:00 JohnMeister slapd[1292]: conn=262943 op=0 do_extended: unsupported operation "1.3.6.1.4.1.1466.20037"
2015-06-02T09:30:08.928011-07:00 JohnMeister slapd[1292]: conn=262944 op=0 do_extended: unsupported operation "1.3.6.1.4.1.1466.20037"
2015-06-02T09:30:10.983652-07:00 JohnMeister slapd[1292]: conn=262945 op=0 do_extended: unsupported operation "1.3.6.1.4.1.1466.20037"
------------------------------------------------
then I counted them... lots of them...
--> sudo cat /var/log/messages | grep "slapd" | wc -l
11399
------------------------------------------------
did a search... found it was related to ldap... funny... not using ldap for authentication, but chances
are I installed it along with the kitchen sink when setting up the server with the thought of integrating samba at
some point...
so... examined the /etc/ldap.conf file... saw lots and lots of comments, not much content; used grep to extract key info:
-root- [/etc]
------------------------------------------------
--> cat ldap.conf | grep -v ^# | grep -v ^$
base dc=com
bind_policy soft
pam_lookup_policy yes
pam_password exop
nss_initgroups_ignoreusers root,ldap
nss_schema rfc2307bis
nss_map_attribute uniqueMember member
ssl start_tls
ldap_version 3
uri ldap://localhost
pam_filter objectClass=posixAccount
------------------------------------------------
Decided that the best course of action was to shut off ldap. More searching suggested removing the packages, or
just turning it off. Since this was a SuSE 13.1 install, I opted for the easy way out, used Yast in the terminal
window to turn off first the LDAP CLIENT, then the LDAP SERVER... the message file extract below shows ongoing
system error activity and where I turned it off. Notice the Invalid user admin,
------------------------------------------------
--> tail -n 50 /var/log/messages
2015-06-02T23:39:35.459277-07:00 JohnMeister slapd[1292]: conn=274480 op=0 do_extended: unsupported operation "1.3.6.1.4.1.1466.20037"
2015-06-02T23:39:35.459646-07:00 JohnMeister nscd: nss-ldap: do_open: do_start_tls failed:stat=-1
2015-06-02T23:39:35.460022-07:00 JohnMeister slapd[1292]: conn=274481 op=0 do_extended: unsupported operation "1.3.6.1.4.1.1466.20037"
2015-06-02T23:39:35.460380-07:00 JohnMeister nscd: nss-ldap: do_open: do_start_tls failed:stat=-1
2015-06-02T23:39:35.460703-07:00 JohnMeister nscd: nss_ldap: could not search LDAP server - Server is unavailable
2015-06-02T23:44:28.726172-07:00 JohnMeister sshd[28522]: Invalid user admin from 117.253.107.228
2015-06-02T23:44:28.726701-07:00 JohnMeister sshd[28522]: input_userauth_request: invalid user admin [preauth]
2015-06-02T23:44:30.003905-07:00 JohnMeister sshd[28522]: Received disconnect from 117.253.107.228: 11: ok [preauth]
2015-06-02T23:45:01.233943-07:00 JohnMeister /usr/sbin/cron[28585]: pam_unix(crond:session): session opened for user root by (uid=0)
2015-06-02T23:45:01.238076-07:00 JohnMeister systemd[1]: Starting Session 1474 of user root.
2015-06-02T23:45:01.238576-07:00 JohnMeister systemd[1]: Started Session 1474 of user root.
2015-06-02T23:45:01.282959-07:00 JohnMeister /USR/SBIN/CRON[28585]: pam_unix(crond:session): session closed for user root
2015-06-02T23:45:25.754675-07:00 JohnMeister systemd[1]: Stopped NIS/YP (Network Information Service) Clients to NIS Domain Binder.
2015-06-02T23:45:27.261467-07:00 JohnMeister systemd[1]: Stopping Name Service Cache Daemon...
2015-06-02T23:45:27.267625-07:00 JohnMeister systemd[1]: Starting Name Service Cache Daemon...
2015-06-02T23:45:27.271752-07:00 JohnMeister systemd[1]: Started Name Service Cache Daemon.
2015-06-02T23:45:27.392324-07:00 JohnMeister systemd[1]: Stopped Automounts filesystems on demand.
2015-06-02T23:45:58.789956-07:00 JohnMeister systemd[1]: Reloading.
2015-06-02T23:45:59.725976-07:00 JohnMeister systemd[1]: [/usr/lib/systemd/system/rtkit-daemon.service:32] Unknown lvalue 'ControlGroup' in section 'Service'
2015-06-02T23:45:59.813743-07:00 JohnMeister systemd[1]: Stopping LSB: OpenLDAP Server (slapd)...
2015-06-02T23:46:00.004057-07:00 JohnMeister slapd[1292]: daemon: shutdown requested and initiated.
2015-06-02T23:46:00.026534-07:00 JohnMeister slapd[1292]: slapd shutdown: waiting for 0 operations/tasks to finish
2015-06-02T23:46:00.258264-07:00 JohnMeister slapd[1292]: DIGEST-MD5 common mech free
2015-06-02T23:46:00.276101-07:00 JohnMeister slapd[1292]: slapd stopped.
2015-06-02T23:46:00.465148-07:00 JohnMeister ldap[28749]: Shutting down ldap-server..done
2015-06-02T23:46:00.465934-07:00 JohnMeister systemd[1]: Stopped LSB: OpenLDAP Server (slapd).
2015-06-02T23:47:36.606087-07:00 JohnMeister sshd[28845]: Invalid user admin from 2.229.35.90
2015-06-02T23:47:36.606586-07:00 JohnMeister sshd[28845]: input_userauth_request: invalid user admin [preauth]
2015-06-02T23:47:37.021599-07:00 JohnMeister sshd[28845]: Received disconnect from 2.229.35.90: 11: ok [preauth]
------------------------------------------------
Now that we've got the "slapd" error message cleaned up... let's try to clean up more of the message file...
so, let's look at these invalid user attempts:
2015-06-02T23:47:36.606087-07:00 JohnMeister sshd[28845]: Invalid user admin from 2.229.35.90
this page describes the process of finding WHO is doing it, and provides a means to stop them:
http://johnmeister.com/linux/Notes/using-iptables-to-block-spammers-or-attackers.html
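Added example (not part of the original notes): the grep and wc counts above, taken one step further in shell with awk. It tallies the slapd "unsupported operation" entries per OID (1.3.6.1.4.1.1466.20037 is the LDAP StartTLS extended operation, which matches the "ssl start_tls" line in ldap.conf and the nscd do_start_tls failures in the log) and the sshd "Invalid user" attempts per source address. The function names, the host name host1 and the sample lines are constructed for illustration.

```shell
# Constructed sample lines (hypothetical host name, documentation-range IPs).
sample_log() {
cat <<'EOF'
2015-06-02T23:39:35.459277-07:00 host1 slapd[1292]: conn=274480 op=0 do_extended: unsupported operation "1.3.6.1.4.1.1466.20037"
2015-06-02T23:39:35.459646-07:00 host1 nscd: nss-ldap: do_open: do_start_tls failed:stat=-1
2015-06-02T23:39:35.460022-07:00 host1 slapd[1292]: conn=274481 op=0 do_extended: unsupported operation "1.3.6.1.4.1.1466.20037"
2015-06-02T23:44:28.726172-07:00 host1 sshd[28522]: Invalid user admin from 192.0.2.10
2015-06-02T23:44:28.726701-07:00 host1 sshd[28522]: input_userauth_request: invalid user admin [preauth]
2015-06-02T23:47:36.606087-07:00 host1 sshd[28845]: Invalid user admin from 198.51.100.7
2015-06-02T23:48:02.100000-07:00 host1 sshd[28850]: Invalid user test from 192.0.2.10
2015-06-02T23:48:09.100000-07:00 host1 sshd[28851]: Invalid user admin from 192.0.2.10
EOF
}

# Count slapd "unsupported operation" entries per OID: "<count> <oid> <name>".
# 1.3.6.1.4.1.1466.20037 is the LDAP StartTLS extended operation.
slapd_unsupported() {
    awk '
    $3 ~ /^slapd\[/ && /do_extended: unsupported operation/ {
        oid = $NF; gsub(/"/, "", oid); n[oid]++
    }
    END {
        for (o in n) {
            name = (o == "1.3.6.1.4.1.1466.20037") ? "StartTLS" : "unknown"
            printf "%d %s %s\n", n[o], o, name
        }
    }' "$@" | sort -rn
}

# Count sshd "Invalid user" lines per source: "<count> <addr> <user,user,...>".
# The user name is text chosen by the remote side, so the address is read
# after the LAST "from" token instead of from a fixed field position.
ssh_invalid_users() {
    awk '
    $3 ~ /^sshd\[/ && $4 == "Invalid" && $5 == "user" {
        i = NF; while (i > 5 && $i != "from") i--
        if (i <= 5 || i == NF) next      # not the expected layout
        addr = $(i + 1); user = ""
        for (j = 6; j < i; j++) user = user (j > 6 ? " " : "") $j
        if (user == "") user = "(empty)"
        count[addr]++
        if (!seen[addr, user]++) users[addr] = users[addr] (users[addr] == "" ? "" : ",") user
    }
    END { for (a in count) printf "%d %s %s\n", count[a], a, users[a] }' "$@" | sort -rn
}

sample_log | slapd_unsupported
sample_log | ssh_invalid_users
```

Either function also takes a file name, for example slapd_unsupported /var/log/messages run as root.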