When OpenStack/Keystone is configured with LDAP, it logs personal information in debug mode. The information logged is based completely on the parameters given as input while configuring LDAP. But in a production environment, LDAP generally has information about real people (natural persons) and with GDPR compliance around the corner, we should be very careful about what we log. Personal information about a natural person cannot be logged, stored or transferred without the consent of the person themselves. Having said that, the information logged below is very useful while debugging OpenStack/LDAP configuration issues.
https://github.com/openstack/keystone/blob/master/keystone/identity/backends/ldap/common.py#L920
2018-04-20 09:49:10.548 19412 DEBUG keystone.identity.backends.ldap.common [req-7abe3850-9937-4867-a1a7-f92d7757ccb1 8ed02367de541e8741badb6ce097a975a9233b464e6d215dde7bac48a3f2f54a 6d6da87e2345480b93821568c958cc81 - 46f848196da64f9caaf8e5304bba870b 46f848196da64f9caaf8e5304bba870b] LDAP search: base=o=xxx_suffix scope=2 filterstr=(&(postaladdress=#56780, 14thmain, ubcity, bangalore)(objectClass=posixaccount)) attrs=['cn', 'userPassword', 'enabled', 'mail', 'postaladdress', 'desc'] attrsonly=0 search_s /usr/lib/python2.7/site-packages/keystone/identity/backends/ldap/common.py:922
keystone.log:2018-04-19 04:26:04.680 72157 DEBUG keystone.identity.backends.ldap.common [req-3a092189-a85a-40da-8ffe-88bec3d430d8 d61bbf804a64cdc 47df20632987500 c868562fe0627fc 9c49 5a5e336017aec18 67 - fa87845eedd847708aa71d51ef84aea6 fa87845eedd847708aa71d51ef84aea6] LDAP search: base=cn=Users,dc=finktest,dc=org scope=2 filterstr=(&(<email address hidden>)(objectClass=user)) attrs=['description', 'userPassword', 'enabled', 'userPrincipalName', 'mail', 'cn'] attrsonly=0 search_s /usr/lib/python2.7/site-packages/keystone/identity/backends/ldap/common.py:922
7ca4494f96adcd8 9ea574babbca4cd
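One way to keep the search line useful for debugging while leaving personal values out of it, as an added example that is not Keystone's code and not part of the original report. The names `redact_filter`, `format_search_log`, `SAFE_ATTRS` and the `log_values` switch are hypothetical; the sample filter is constructed.

```python
import re

# One simple filter item, e.g. (mail=a@b.org), (uid>=100), (cn:dn:=x).
# Group 1: attribute (or extensible-match rule), 2: operator, 3: value.
# Per RFC 4515, literal parentheses inside a value are backslash-escaped.
_ITEM = re.compile(r"\(([^()=~<>]+)(~=|>=|<=|=)((?:\\.|[^()\\])*)\)")

# Attributes whose values describe the schema, not a person
# (assumption: adjust to the deployment).
SAFE_ATTRS = frozenset({"objectclass"})


def redact_filter(filterstr, safe_attrs=SAFE_ATTRS):
    """Mask assertion values in an LDAP filter, keeping its structure."""
    def _mask(match):
        attr, op, value = match.group(1), match.group(2), match.group(3)
        # Presence tests and schema-only attributes carry no personal data.
        if value == "*" or attr.lower() in safe_attrs:
            return match.group(0)
        return "(%s%s<redacted>)" % (attr, op)
    return _ITEM.sub(_mask, filterstr)


def format_search_log(base, scope, filterstr, attrlist, attrsonly,
                      log_values=False):
    """Build the 'LDAP search:' debug line.

    log_values is a hypothetical opt-in for short-lived troubleshooting;
    by default the filter values never reach the log.
    """
    shown = filterstr if log_values else redact_filter(filterstr)
    return ("LDAP search: base=%s scope=%s filterstr=%s attrs=%s "
            "attrsonly=%s" % (base, scope, shown, attrlist, attrsonly))


# Constructed sample modelled on the log lines above (values are made up).
SAMPLE_FILTER = "(&(mail=jane.doe@example.org)(objectClass=posixaccount))"
SAMPLE = format_search_log("o=example_suffix", 2, SAMPLE_FILTER,
                           ["cn", "mail"], 0)

if __name__ == "__main__":
    print(SAMPLE)
```

The attribute names and the filter's boolean structure, which are what a misconfigured `user_filter` or attribute mapping shows up in, remain visible in the redacted line.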