[SERVER-37155] Improve the LDAP server logging Created: 14/Sep/18  Updated: 29/Oct/23  Resolved: 21/Dec/18

Status: Closed
Project: Core Server
Component/s: Logging
Affects Version/s: 3.6.6
Fix Version/s: 3.6.11, 4.0.7, 4.1.7

Type: Improvement Priority: Major - P3
Reporter: Andrey Brindeyev Assignee: Isabella Siu (Inactive)
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Backports
Depends
is depended on by SERVER-45836 Provide more LDAP details (like serve... Closed
Related
Backwards Compatibility: Fully Compatible
Backport Requested:
v4.0, v3.6
Sprint: Security 2018-12-17, Security 2018-12-31
Participants:
Case:

 Description   

Currently the LDAP server is always reported as default in MongoDB Enterprise Server logs, for example:

2018-09-14T14:14:17.481-0700 D ACCESS   [conn3] LDAPAPIInfo: { ldapai_info_version: 1, ldapai_api_version: 3001, ldap_protocol_version: 3, ldapai_extensions: [X_OPENLDAP], ldapai_vendor_name: OpenLDAP, ldapai_vendor_version: 20444}
2018-09-14T14:14:17.481-0700 D ACCESS   [conn3] Binding to LDAP server "default" with bind parameters: {BindDN: mdb, authenticationType: simple}
2018-09-14T14:14:37.503-0700 E ACCESS   [conn3] Failed to bind to LDAP server at default: Can't contact LDAP server. Bind parameters were: {BindDN: mdb, authenticationType: simple}
2018-09-14T14:14:37.503-0700 I ACCESS   [conn3] PLAIN authentication failed for mdb on $external from client 10.211.55.20:37728 ; OperationFailed: LDAP bind failed with error: Can't contact LDAP server

This makes the investigations unnecessarily complicated, especially if a customer is using many LDAP servers behind a single hostname - I've seen up to 33 hosts.

We need to log the IP address (and a hostname) of the LDAP server which we're currently talking to.
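
Added example, not part of the ticket or of MongoDB's code: a Python triage script that joins each LDAP bind failure to the client authentication failure on the same connection and marks records whose server label is the non-identifying "default". The regular expressions and field names are assumptions derived only from the 3.6.6 log lines quoted above.

```python
import re

# Log lines copied from the ticket above (MongoDB 3.6.6 plain-text log format).
SAMPLE_LOG = """\
2018-09-14T14:14:17.481-0700 D ACCESS   [conn3] Binding to LDAP server "default" with bind parameters: {BindDN: mdb, authenticationType: simple}
2018-09-14T14:14:37.503-0700 E ACCESS   [conn3] Failed to bind to LDAP server at default: Can't contact LDAP server. Bind parameters were: {BindDN: mdb, authenticationType: simple}
2018-09-14T14:14:37.503-0700 I ACCESS   [conn3] PLAIN authentication failed for mdb on $external from client 10.211.55.20:37728 ; OperationFailed: LDAP bind failed with error: Can't contact LDAP server
"""

# Assumed patterns, derived only from the lines above.
LINE_RE = re.compile(r"^(?P<ts>\S+)\s+[A-Z]\s+ACCESS\s+\[(?P<conn>[^\]]+)\]\s+(?P<msg>.*)$")
BIND_FAIL_RE = re.compile(
    r"Failed to bind to LDAP server at (?P<server>\S+): (?P<reason>.*?)\. "
    r"Bind parameters were: \{BindDN: (?P<bind_dn>[^,}]+)"
)
AUTH_FAIL_RE = re.compile(
    r"authentication failed for (?P<user>\S+) on \S+ from client (?P<client>\S+)"
)

def correlate(log_text):
    """Join each LDAP bind failure to the client auth failure on the same connection."""
    pending = {}    # connection id -> bind failure awaiting its auth failure line
    incidents = []
    for raw in log_text.splitlines():
        line = LINE_RE.match(raw)
        if not line:
            continue  # wrapped or non-ACCESS line
        conn, msg = line["conn"], line["msg"]
        bind = BIND_FAIL_RE.search(msg)
        if bind:
            pending[conn] = {
                "ts": line["ts"], "conn": conn, **bind.groupdict(),
                # "default" is a label, not a host: the failing backend is unknown
                "server_identified": bind["server"] != "default",
            }
            continue
        auth = AUTH_FAIL_RE.search(msg)
        if auth and conn in pending:
            incidents.append({**pending.pop(conn), **auth.groupdict()})
    return incidents

if __name__ == "__main__":
    for inc in correlate(SAMPLE_LOG):
        print(inc)
```

On the sample lines this yields one incident for conn3 with `server_identified` set to False, which is the gap the ticket describes: the client address is recorded, the LDAP host that could not be contacted is not.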



 Comments   
Comment by Nic Cottrell [ 31/Jan/20 ]

Just for the record, I opened a new SERVER-45836 to request some more details at default log levels.

Comment by Githook User [ 08/Feb/19 ]

Author:

{'name': 'Isabella Siu', 'email': 'isabella.siu@10gen.com', 'username': 'iwysiu'}

Message: SERVER-37155 improve LDAP server logging

(cherry picked from commit be8df8edb4f26f8b5cf3d1c6a1750672cba49ca4)
Branch: v4.0
https://github.com/10gen/mongo-enterprise-modules/commit/c0619168ebaf26af849f277c250b2e33da0b450b

Comment by Githook User [ 30/Jan/19 ]

Author:

{'email': 'isabella.siu@10gen.com', 'name': 'Isabella Siu'}

Message: SERVER-37155 improve LDAP server logging

(cherry picked from commit be8df8edb4f26f8b5cf3d1c6a1750672cba49ca4)
Branch: v3.6
https://github.com/10gen/mongo-enterprise-modules/commit/ba2b8c93997990316a3ec52bb98da39adfbc1c8c

Comment by Githook User [ 21/Dec/18 ]

Author:

{'username': 'iwysiu', 'email': 'isabella.siu@10gen.com', 'name': 'Isabella Siu'}

Message: SERVER-37155 improve LDAP server logging
Branch: master
https://github.com/10gen/mongo-enterprise-modules/commit/be8df8edb4f26f8b5cf3d1c6a1750672cba49ca4

Generated at Thu Feb 08 04:45:08 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.