This topic has 3 replies, 2 voices, and was last updated 5 years, 8 months ago by Bill Nelson.
-
AuthorPosts
-
November 18, 2016 at 2:15 pm #14348
buddhadeb.das
ParticipantHi All,
We are using openDJ 3.0 in our environment.We need to ensure that we are able to track all the activities performed by our directory administrator.I have checked the access logs, it give us the details of all the activities performed on the server like entry (create,update,delete) however i don’t see the logs capturing any details of user who has performed these operations on the directory server.How can I achive this in OpenDJ.
Thanks,
BuddhadebNovember 18, 2016 at 2:37 pm #14349Bill Nelson
ParticipantA complete log sequence (in the logs/access log) consists of the TCP connection, the BIND operation, some other operation (i.e. MODIFY), and finally the disconnect of the TCP connection. The following is a sample.
[18/Nov/2016:13:37:35 +0000] CONNECT conn=1 from=127.0.0.1:39526 to=127.0.0.1:4389 protocol=LDAP [18/Nov/2016:13:37:35 +0000] BIND REQ conn=1 op=0 msgID=1 version=3 type=SIMPLE dn="cn=directory manager" [18/Nov/2016:13:37:35 +0000] BIND RES conn=1 op=0 msgID=1 result=0 authDN="cn=Directory Manager,cn=Root DNs,cn=config" etime=1 [18/Nov/2016:13:38:28 +0000] MODIFY REQ conn=1 op=1 msgID=2 dn="uid=jdoe,ou=people,dc=example,dc=com" [18/Nov/2016:13:38:28 +0000] MODIFY RES conn=1 op=1 msgID=2 result=0 etime=44 [18/Nov/2016:13:38:30 +0000] DISCONNECT conn=1 reason="Client Disconnect"
The “conn” value ties all log entries together. The “op” value shows the operations (BIND, MODIFY as shown above) that are performed across that connection. To determine that it was the rootDN that performed the operation, you would need to find the operation in question and then look at previous entries to find the DN of the entry that performed the BIND operation for the associated connection id.
Easy peasy, right.
bill
November 21, 2016 at 10:08 am #14366buddhadeb.das
ParticipantThanks a lot Bill this helps a lot.
November 25, 2016 at 1:17 pm #14493Bill Nelson
ParticipantYou are welcome, @buddhadeb-das.
Glad I could help!
-
AuthorPosts
You must be logged in to reply to this topic.