MMP Logging Does Not Capture Badguy UserID or Reason (Doc ID 2077653.1)

Last updated on JUNE 29, 2017

Applies to:

Oracle Communications Messaging Server - Version 7.0.0 and later
Information in this document applies to any platform.

Symptoms

When MMP logs a "badguy" message, because an attempted userID does not exist (such as an attacker trying to guess userIDs), there is no simple way to determine what userID is being attempted.  Is it a user repeatedly entering their userID incorrectly or an attacker trying a sequential userID attack? 

Example, debug log level:

One can derive some conclusion if "ldap" is set on debugkeys (such as a search returning zero results), but the amount of data it produces is excessive when we really just want to know the userID and get an idea of why it was declared a badguy.

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms