Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-76883

Reduce chattiness of "Role does not exist" logs for externally sourced users

    • Type: Icon: Task Task
    • Resolution: Fixed
    • Priority: Icon: Critical - P2 Critical - P2
    • 8.1.0-rc0, 8.0.1
    • Affects Version/s: None
    • Component/s: None
    • None
    • Server Security
    • Fully Compatible
    • v8.0, v7.0, v6.0
    • Security 2023-07-24, Security 2023-08-07, Security 2023-08-21, Security 2023-09-04, Security 2024-08-19, Security 2024-09-02, Security 2024-09-16

      The server emits an INFO-level log when it is unable to find a role document for a role name that it has resolved. For internally-managed users, this is an unexpected scenario and warrants an info or warning-level log. For users using LDAP authorization, this is expected to occur as many of these users will have LDAP groups that do not directly map to MongoDB roles.

      When the server refreshes cached LDAP users out-of-band, it performs numerous LDAP queries regularly and resolves them to MongoDB roles. As a result, this log becomes very noisy.

      We should consider emitting this log as a warning for internally-authorized users only. For externally-authorized users, we can keep this log with higher debug verbosity so that it can be suppressed. LDAP users only need a warning log if none of their member groups can be mapped to MongoDB role documents. 

            Assignee:
            varun.ravichandran@mongodb.com Varun Ravichandran
            Reporter:
            varun.ravichandran@mongodb.com Varun Ravichandran
            Votes:
            2 Vote for this issue
            Watchers:
            11 Start watching this issue

              Created:
              Updated:
              Resolved: