[SERVER-79978] Improve OpenLDAP-specific logging
Created: 14/Aug/23 Updated: 29/Oct/23 Resolved: 27/Sep/23

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: 7.2.0-rc0

Type: Task Priority: Major - P3
Reporter: Varun Ravichandran Assignee: Varun Ravichandran
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Assigned Teams:
Server Security
Backwards Compatibility: Fully Compatible
Sprint: Security 2023-09-04, Security 2023-09-18, Security 2023-10-02
Participants:

Description

Today, there are a few issues that make it challenging to debug OpenLDAP-specific issues. Making the following logging-related adjustments will help isolate the root cause of LDAP failures.

  1. Reduce the verbosity of MongoDB logs issued within the OpenLDAPConnection class to 1. This is lower than the verbosity of most connection pool logs (2+) and thus can be used to filter logs better.
  2. Investigate setting LDAP_OPT_DEBUG_LEVEL to a higher level (it is currently not being set). This may elicit better diagnostic messages when libldap encounters errors.
  3. Produce a new startup warning log when running on RHEL 7, informing customers that OpenLDAP may not properly enforce timeouts when chasing referrals.
