OpenDJ / OPENDJ-655

Message about authentication failures should contain identification of the user for easier analysis.

    Details

    • Type: Improvement
    • Status: Done
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.4.6
    • Fix Version/s: 2.6.0
    • Component/s: core server
    • Labels:
      None

      Description

      When authentication fails, the server returns an error 49, and logs detail in the Access log.
      Some messages contain the user DN, some don't.
      When parsing access logs, it's difficult to detect if a user was under attack or not if the user DN is not specifically present in the detailed message logged.

      Let's make sure the DN is always part of the authFailureReason part of the log.

      Examples:
      [02/Apr/2012:07:16:49 +0200] BIND RES conn=2083068 op=0 msgID=1 result=49 authFailureID=196887 authFailureReason="The password provided by the user did not match any password(s) stored in the user's entry" etime=1

      [02/Apr/2012:07:30:50 +0200] BIND RES conn=2090471 op=0 msgID=1 result=49 authFailureID=196826 authFailureReason="Unable to bind to the Directory Server as user uid=SomeUser,ou=People,dc=example,dc=com because no such user exists in the server" etime=0

      [01/Apr/2012:09:56:46 +0200] BIND RES conn=1423550 op=0 msgID=1 result=49 authFailureID=197125 authFailureReason="Rejecting a bind request for user uid=x123456,ou=People,dc=example,dc=com because the account has been administrative disabled" etime=1
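
The analysis problem described above, as an added example that is not part of the original issue or of OpenDJ's code: a parser over the three quoted BIND RES lines that counts result=49 failures per user DN and lists the connections whose authFailureReason names no DN. The DN-matching regular expression and the function names are assumptions made for this illustration.

```python
import re
from collections import Counter

# The three BIND RES lines quoted in the issue description.
SAMPLE_LOG = '''\
[02/Apr/2012:07:16:49 +0200] BIND RES conn=2083068 op=0 msgID=1 result=49 authFailureID=196887 authFailureReason="The password provided by the user did not match any password(s) stored in the user's entry" etime=1
[02/Apr/2012:07:30:50 +0200] BIND RES conn=2090471 op=0 msgID=1 result=49 authFailureID=196826 authFailureReason="Unable to bind to the Directory Server as user uid=SomeUser,ou=People,dc=example,dc=com because no such user exists in the server" etime=0
[01/Apr/2012:09:56:46 +0200] BIND RES conn=1423550 op=0 msgID=1 result=49 authFailureID=197125 authFailureReason="Rejecting a bind request for user uid=x123456,ou=People,dc=example,dc=com because the account has been administrative disabled" etime=1
'''

# key=value pairs; a value is either a double-quoted string or a bare token.
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
# Assumed heuristic: the DN follows the word "user" as comma-joined attr=value
# pairs without spaces. RDN values containing spaces are not handled.
DN_RE = re.compile(r'\buser ((?:[A-Za-z][\w-]*=[^,\s]+,)*[A-Za-z][\w-]*=[^,\s]+)')

def parse_bind_failure(line):
    """Return conn, authFailureID and DN (or None) for a result=49 BIND RES line."""
    if " BIND RES " not in line:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(line)}
    if fields.get("result") != "49":
        return None
    m = DN_RE.search(fields.get("authFailureReason", ""))
    return {"conn": fields.get("conn"),
            "failure_id": fields.get("authFailureID"),
            # Lower-cased so the same entry is counted once (simplification).
            "dn": m.group(1).lower() if m else None}

def summarize(lines):
    """Count failed binds per DN and collect connections with no DN logged."""
    per_dn, unattributed = Counter(), []
    for line in lines:
        rec = parse_bind_failure(line)
        if rec is None:
            continue
        if rec["dn"]:
            per_dn[rec["dn"]] += 1
        else:
            unattributed.append(rec["conn"])
    return per_dn, unattributed

if __name__ == "__main__":
    per_dn, unattributed = summarize(SAMPLE_LOG.splitlines())
    for dn, count in per_dn.most_common():
        print(count, dn)
    print("failures without a DN (conn ids):", unattributed)
```

The first sample line ends up in the unattributed list: a wrong-password failure, the case most relevant to password guessing, is the one that cannot be tied to a target account from the log alone.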


            People

            • Assignee:
              JnRouvignac Jean-Noël Rouvignac
              Reporter:
              ludo Ludovic Poitou
              Dev Assignee:
              Jean-Noël Rouvignac