Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-37155

Improve the LDAP server logging

    • Type: Icon: Improvement Improvement
    • Resolution: Fixed
    • Priority: Icon: Major - P3 Major - P3
    • 3.6.11, 4.0.7, 4.1.7
    • Affects Version/s: 3.6.6
    • Component/s: Logging
    • Labels:
    • Fully Compatible
    • v4.0, v3.6
    • Security 2018-12-17, Security 2018-12-31

      Currently the LDAP server is always reported as default in MongoDB Enterprise Server logs, for example:

      2018-09-14T14:14:17.481-0700 D ACCESS   [conn3] LDAPAPIInfo: { ldapai_info_version: 1, ldapai_api_version: 3001, ldap_protocol_ver
      sion: 3, ldapai_extensions: [X_OPENLDAP], ldapai_vendor_name: OpenLDAP, ldapai_vendor_version: 20444}
      2018-09-14T14:14:17.481-0700 D ACCESS   [conn3] Binding to LDAP server "default" with bind parameters: {BindDN: mdb, authenticationType: simple}
      2018-09-14T14:14:37.503-0700 E ACCESS   [conn3] Failed to bind to LDAP server at default: Can't contact LDAP server. Bind parameters were: {BindDN: mdb, authenticationType: simple}
      2018-09-14T14:14:37.503-0700 I ACCESS   [conn3] PLAIN authentication failed for mdb on $external from client ; OperationFailed: LDAP bind failed with error: Can't contact LDAP server

      This makes the investigations unnecessary complicated, especially if a customer is using many LDAP server behind a single hostname - I've seen up to 33 hosts.

      We need to log the IP address (and a hostname) of LDAP server which we're currently talking to.

            isabella.siu@mongodb.com Isabella Siu (Inactive)
            andrey.brindeyev@mongodb.com Andrey Brindeyev
            0 Vote for this issue
            11 Start watching this issue