Hi guys,

I was wondering if any of you had seen ldaps/slapd logs like this before, or if anyone can shed any light on what's happening.

These entries are being logged almost constantly:

Code:
Dec  3 08:31:24 mavzl4031rm slapd[14257]: conn=12 op=7 SEARCH RESULT tag=101 err=0 nentries=0 text=
Dec  3 08:31:24 mavzl4031rm slapd[14257]: conn=13 op=7 SRCH base="o=myDomain" scope=2 deref=0 filter="(&(objectClass=ipService)(cn=info-aps))"
Dec  3 08:31:24 mavzl4031rm slapd[14257]: conn=13 op=7 SRCH attr=cn ipServicePort ipServiceProtocol
Dec  3 08:31:24 mavzl4031rm slapd[14257]: conn=13 op=7 SEARCH RESULT tag=101 err=0 nentries=0 text=
Dec  3 08:31:25 mavzl4031rm slapd[14257]: conn=14 op=7 SRCH base="o=myDomain" scope=2 deref=0 filter="(&(objectClass=ipService)(cn=info-aps))"
Dec  3 08:31:25 mavzl4031rm slapd[14257]: conn=14 op=7 SRCH attr=cn ipServicePort ipServiceProtocol
Dec  3 08:31:25 mavzl4031rm slapd[14257]: conn=14 op=7 SEARCH RESULT tag=101 err=0 nentries=0 text=
Dec  3 08:31:25 mavzl4031rm slapd[14257]: conn=15 op=7 SRCH base="o=myDomain" scope=2 deref=0 filter="(&(objectClass=ipService)(cn=info-aps))"
Dec  3 08:31:25 mavzl4031rm slapd[14257]: conn=15 op=7 SRCH attr=cn ipServicePort ipServiceProtocol
Dec  3 08:31:25 mavzl4031rm slapd[14257]: conn=15 op=7 SEARCH RESULT tag=101 err=0 nentries=0 text=
I've turned on firewall logging for port 636 and the incoming ldaps requests don't reflect what is being logged in the slightest. So I can only assume that whatever is happening is originating on the ldaps server itself. Any ideas?
We have no "info-aps" context defined, and a Google on that just comes up with a port warning for a virus / trojan on 6400 (which isn't open in either direction). The server is a recent install and has been checked for rootkits, although I really didn't expect to find anything as it's an internal server.
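An added example, not part of the original post: one way to tie each repeated search to the peer that opened its connection, by joining slapd's `conn=N ... ACCEPT from IP=...` lines to the `SRCH` and `SEARCH RESULT` lines on the connection id. It assumes the ACCEPT lines are present in the same log; the function name `summarize`, the ACCEPT lines, their addresses and the `conn=16` search are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample. The SRCH/RESULT lines mirror the post; the ACCEPT lines,
# their addresses and the conn=16 search are made up for illustration.
SAMPLE_LOG = """\
Dec  3 08:31:24 mavzl4031rm slapd[14257]: conn=12 op=7 SEARCH RESULT tag=101 err=0 nentries=0 text=
Dec  3 08:31:24 mavzl4031rm slapd[14257]: conn=13 fd=21 ACCEPT from IP=127.0.0.1:40112 (IP=0.0.0.0:636)
Dec  3 08:31:24 mavzl4031rm slapd[14257]: conn=13 op=7 SRCH base="o=myDomain" scope=2 deref=0 filter="(&(objectClass=ipService)(cn=info-aps))"
Dec  3 08:31:24 mavzl4031rm slapd[14257]: conn=13 op=7 SRCH attr=cn ipServicePort ipServiceProtocol
Dec  3 08:31:24 mavzl4031rm slapd[14257]: conn=13 op=7 SEARCH RESULT tag=101 err=0 nentries=0 text=
Dec  3 08:31:25 mavzl4031rm slapd[14257]: conn=14 fd=22 ACCEPT from IP=127.0.0.1:40113 (IP=0.0.0.0:636)
Dec  3 08:31:25 mavzl4031rm slapd[14257]: conn=14 op=7 SRCH base="o=myDomain" scope=2 deref=0 filter="(&(objectClass=ipService)(cn=info-aps))"
Dec  3 08:31:25 mavzl4031rm slapd[14257]: conn=14 op=7 SEARCH RESULT tag=101 err=0 nentries=0 text=
Dec  3 08:31:25 mavzl4031rm slapd[14257]: conn=15 op=7 SRCH base="o=myDomain" scope=2 deref=0 filter="(&(objectClass=ipService)(cn=info-aps))"
Dec  3 08:31:25 mavzl4031rm slapd[14257]: conn=15 op=7 SEARCH RESULT tag=101 err=0 nentries=0 text=
Dec  3 08:31:26 mavzl4031rm slapd[14257]: conn=16 fd=23 ACCEPT from IP=10.0.0.5:51520 (IP=0.0.0.0:636)
Dec  3 08:31:26 mavzl4031rm slapd[14257]: conn=16 op=1 SRCH base="o=myDomain" scope=2 deref=0 filter="(uid=jdoe)"
Dec  3 08:31:26 mavzl4031rm slapd[14257]: conn=16 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
"""

ACCEPT = re.compile(r'conn=(\d+) fd=\d+ ACCEPT from IP=(\S+):\d+ ')
SRCH = re.compile(r'conn=(\d+) op=(\d+) SRCH base="[^"]*" scope=\d+ deref=\d+ filter="(.*)"$')
RESULT = re.compile(r'conn=(\d+) op=(\d+) SEARCH RESULT tag=\d+ err=\d+ nentries=(\d+)')

def summarize(log_text):
    """Per search filter: number of searches, how many were empty, and peer addresses."""
    peer, pending = {}, {}          # conn id -> peer address; (conn, op) -> filter
    stats = defaultdict(lambda: {"searches": 0, "empty": 0, "peers": Counter()})
    for line in log_text.splitlines():
        if m := ACCEPT.search(line):
            peer[m[1]] = m[2]
        elif m := SRCH.search(line):
            pending[(m[1], m[2])] = m[3]
        elif m := RESULT.search(line):
            flt = pending.pop((m[1], m[2]), None)
            if flt is None:         # result whose SRCH line predates the log window
                continue
            s = stats[flt]
            s["searches"] += 1
            s["empty"] += int(m[3] == "0")
            s["peers"][peer.get(m[1], "unknown")] += 1   # no ACCEPT seen for this conn
    return dict(stats)

if __name__ == "__main__":
    for flt, s in summarize(SAMPLE_LOG).items():
        print(s["searches"], s["empty"], dict(s["peers"]), flt)
```

A peer of "unknown" means the connection was accepted before the start of the log excerpt, so the script needs an older part of the log to resolve it.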