Type: Improvement
Resolution: Won't Fix
Priority: Major - P3
Affects Version/s: None
Component/s: Logging
Security 2019-06-03, Security 2019-06-17, Security 2019-07-01, Security 2019-07-15, Security 2019-07-29
Follow up from SERVER-37155
Update LDAP logging to include connection failures to LDAP servers and retry logic:
Current logs below show a successful authentication that is missing a failed authentication attempt:
2019-05-10T09:56:04.661-0500 D ACCESS [conn20] Binding to LDAP server "default" with bind parameters: {BindDN: mongodb, authenticationType: simple}
2019-05-10T09:56:04.663-0500 D ACCESS [conn20] Connected to LDAP server at 10.0.8.254:389 with LDAP URL: ldap://dcs:389
Suggested Update:
2019-05-10T09:56:01.661-0500 D ACCESS [conn20] Binding to LDAP server "default" with bind parameters: {BindDN: mongodb, authenticationType: simple}
---List "default" servers---
2019-05-10T09:56:02.663-0500 E ACCESS [conn20] OperationFailed: LDAP operation <ldap_sasl_bind_s>, failed to bind to LDAP server at 10.0.8.200:389 with LDAP URL: ldap://dcs:389. (-1/Can't contact LDAP server): No error could be retrieved from the LDAP server.. Bind parameters were: {BindDN: mongodb, authenticationType: simple}
2019-05-10T09:56:03.663-0500 D ACCESS [conn20] Retrying LDAP connection to server at 10.0.8.254:389 with LDAP URL: ldap://dcs:389
2019-05-10T09:56:04.663-0500 D ACCESS [conn20] Connected to LDAP server at 10.0.8.254:389 with LDAP URL: ldap://dcs:389
In addition, the logs indicating the LDAP server connections are only exposed with verbosity 3 on accessControl. At least the retries and failures should be listed in the default logging for troubleshooting outages.
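Added example, not part of the ticket and not MongoDB code: because the current output carries only the "Binding to" and "Connected to" lines, the time between them per connection is the one signal left for spotting a silent failover. The 1-second threshold, the function names and the conn21 sample lines are assumptions made for this sketch, and a long gap is a heuristic hint, not proof of a failed server.

```python
import re
from datetime import datetime

# Matches the two verbosity-3 ACCESS lines shown in the ticket's "current logs".
LINE_RE = re.compile(
    r'^(?P<ts>\S+)\s+D\s+ACCESS\s+\[(?P<conn>conn\d+)\]\s+'
    r'(?P<event>Binding to LDAP server|Connected to LDAP server at (?P<host>\S+))'
)

def parse_ts(ts):
    # Timestamp format as it appears in the ticket: 2019-05-10T09:56:04.661-0500
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S.%f%z")

def slow_binds(lines, threshold_s=1.0):
    """Return (conn, host, seconds) for each bind-to-connect gap above threshold_s."""
    pending = {}    # connection id -> time of its most recent "Binding to" line
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, conn = parse_ts(m.group("ts")), m.group("conn")
        if m.group("event").startswith("Binding"):
            pending[conn] = ts
        elif conn in pending:
            gap = (ts - pending.pop(conn)).total_seconds()
            if gap > threshold_s:
                findings.append((conn, m.group("host"), round(gap, 3)))
    return findings

# conn20 lines are the ticket's own; conn21 lines are constructed for this example
# and reuse the 3-second spacing of the ticket's "suggested update" scenario.
SAMPLE = [
    '2019-05-10T09:56:04.661-0500 D ACCESS [conn20] Binding to LDAP server "default" '
    'with bind parameters: {BindDN: mongodb, authenticationType: simple}',
    '2019-05-10T09:56:04.663-0500 D ACCESS [conn20] Connected to LDAP server at '
    '10.0.8.254:389 with LDAP URL: ldap://dcs:389',
    '2019-05-10T09:57:01.661-0500 D ACCESS [conn21] Binding to LDAP server "default" '
    'with bind parameters: {BindDN: mongodb, authenticationType: simple}',
    '2019-05-10T09:57:04.663-0500 D ACCESS [conn21] Connected to LDAP server at '
    '10.0.8.254:389 with LDAP URL: ldap://dcs:389',
]

if __name__ == "__main__":
    for conn, host, gap in slow_binds(SAMPLE):
        print(f"{conn}: {gap}s between bind start and connect to {host}")
```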