Major This issue could be considered an RFE or a bug. However, I consider it as more of a bug because the missing information (authentication ID) is pretty critical for auditing and investigating failed authentication attempts. Example:
{
"eventName": "DJ-LDAP",
"client": {
"ip": "127.0.0.1",
"port": 42894
},
"server": {
"ip": "127.0.0.1",
"port": 1389
},
"request": {
"protocol": "LDAP",
"operation": "BIND",
"connId": 7,
"msgId": 1,
"version": "3",
"dn": "",
"authType": "SASL mechanism=SCRAM-SHA-256"
},
"transactionId": "913dc462-0bf0-4e77-b5e5-0636cf3849b8-160",
"response": {
"status": "FAILED",
"statusCode": "14",
"elapsedTime": 1,
"elapsedTimeUnits": "MILLISECONDS",
"failureReason": ""
},
"timestamp": "2019-11-18T17:43:41.392Z",
"_id": "913dc462-0bf0-4e77-b5e5-0636cf3849b8-164"
}
{
"eventName": "DJ-LDAP",
"client": {
"ip": "127.0.0.1",
"port": 42894
},
"server": {
"ip": "127.0.0.1",
"port": 1389
},
"request": {
"protocol": "LDAP",
"operation": "BIND",
"connId": 7,
"msgId": 1,
"version": "3",
"dn": "",
"authType": "SASL mechanism=SCRAM-SHA-256"
},
"transactionId": "913dc462-0bf0-4e77-b5e5-0636cf3849b8-165",
"response": {
"status": "FAILED",
"statusCode": "49",
"elapsedTime": 3,
"elapsedTimeUnits": "MILLISECONDS",
"failureReason": "SASL SCRAM-SHA-256 authentication is not possible for user 'uid=admin' because the user entry does not contain any SCRAM credentials"
},
"timestamp": "2019-11-18T17:43:41.412Z",
"_id": "913dc462-0bf0-4e77-b5e5-0636cf3849b8-169"
}
Fortunately, the final "failureReason" does indicate the user name sent in the bind request, but this is not guaranteed. The first bind request in the sequence gives absolutely no indication that "uid=admin" is attempting to authenticate.