In the SearchStax Managed Search service, an “LDAP Error” in your solr.log file means:
- That someone tried to penetrate your deployment using the CVE-2021-44228 / Log4j Flaw Vulnerability, and
- Your Solr endpoint is not protected by IP Filtering.
The log entry contains Unknown action: ldap:// as shown below.
solr.log:164:2021-12-17 08:08:20.590 ERROR (qtp1302227152-22) [ ]
o.a.s.h.RequestHandlerBase org.apache.solr.common.SolrException:
Unknown action: ldap://1o629dkslkws4pye.cadns.me
There is no need to panic. Searchstax deployments are secure against the log4j exploit. The LDAP messages can be avoided by adjusting the IP Filter settings for the Solr endpoint. Be sure to remove the 0.0.0.0/0 filter and replace it with the address of your work computer and/or the server that accesses Solr. This will prevent hackers from even attempting this exploit.
Log4j Vulnerability fixed in Solr 8.11.1
The Log4j vulnerability mentioned above has been corrected as of Solr 8.11.1.
Questions?
Do not hesitate to contact the SearchStax Support Desk.