Red Hat Directory Server 8.0 Configuration, Command, and File Reference
1.2.20. SASL Multi-Stage Bind Logging
In Directory Server, logging for multi-stage binds is explicit. Each stage in the bind process is
logged, and, where appropriate, the progress statement SASL bind in progress is included.
In logging a SASL bind, the sasl method is followed by the LDAP version number (see
Section 1.2.6, “Version Number”) and the SASL mechanism used, as shown below with the
GSS-API mechanism.
[21/Apr/2007:12:57:14 -0700] conn=32 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI
NOTE
The authenticated DN (the DN used for access control decisions) is now logged
in the BIND result line as opposed to the bind request line, as was previously the
case:
[21/Apr/2007:11:39:55 -0700] conn=14 op=1 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=jdoe,dc=example,dc=com"
For SASL binds, the DN value displayed in the bind request line is not used by
the server and, as a consequence, is not relevant. However, given that the
authenticated DN is the DN which, for SASL binds, must be used for audit
purposes, it is essential that this be clearly logged. Having this authenticated DN
logged in the bind result line avoids any confusion as to which DN is which.
1.3. Access Log Content for Additional Access Logging Levels
This section presents the additional access logging levels available in the Directory Server
access log. In the following example, access logging level 4, which logs internal operations, is
enabled.
[12/Jul/2007:16:45:46 +0200] conn=Internal op=-1 SRCH base="cn=\22dc=example,dc=com\22,cn=mapping tree,cn=config" scope=0 filter="objectclass=nsMappingTree" attrs="nsslapd-referral" options=persistent
[12/Jul/2007:16:45:46 +0200] conn=Internal op=-1 RESULT err=0 tag=48 nentries=1 etime=0
[12/Jul/2007:16:45:46 +0200] conn=Internal op=-1 SRCH base="cn=\22dc=example,dc=com\22,cn=mapping tree,cn=config" scope=0 filter="objectclass=nsMappingTree" attrs="nsslapd-state"
[12/Jul/2007:16:45:46 +0200] conn=Internal op=-1 RESULT err=0 tag=48 nentries=1 etime=0
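The two record formats above (the SASL BIND/RESULT pair from Section 1.2.20 and the conn=Internal search records) can be parsed with the same key=value logic. The following is an added example, not code from the Directory Server product or this reference: it pairs each BIND request with its RESULT on the same conn/op and reports the DN that is valid for audit, which for SASL binds is the dn on the RESULT line rather than the (ignored) dn on the request line. The sample log is constructed; err=14 is the standard LDAP saslBindInProgress result code and method=128 is assumed to be the value logged for a simple bind, neither of which appears on this page.

```python
import re

# Constructed sample records in the RHDS 8.0 access-log format (not from a real server).
# err=14 is the standard LDAP saslBindInProgress result; method=128 is assumed to be the
# value Directory Server logs for a simple bind (neither value appears on this page).
SAMPLE_LOG = """\
[21/Apr/2007:12:57:14 -0700] conn=32 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI
[21/Apr/2007:12:57:14 -0700] conn=32 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress
[21/Apr/2007:12:57:14 -0700] conn=32 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI
[21/Apr/2007:12:57:14 -0700] conn=32 op=1 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=jdoe,dc=example,dc=com"
[21/Apr/2007:12:58:00 -0700] conn=33 op=0 BIND dn="cn=Directory Manager" method=128 version=3
[21/Apr/2007:12:58:00 -0700] conn=33 op=0 RESULT err=0 tag=97 nentries=0 etime=0
"""

RECORD = re.compile(r'^\[(?P<ts>[^\]]+)\] conn=(?P<conn>\w+) op=(?P<op>-?\d+) (?P<body>.*)$')
KV = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|[^\s,]+)')  # key=value, quoted (may contain '=') or bare

def parse_record(line):
    """Split one access-log line into timestamp, conn, op, operation kind and key=value fields."""
    m = RECORD.match(line)
    if not m:
        return None
    body = m.group('body')
    rec = {'ts': m.group('ts'), 'conn': m.group('conn'), 'op': int(m.group('op')),
           'kind': body.split(' ', 1)[0], 'in_progress': 'SASL bind in progress' in body}
    rec.update({k: (v[1:-1] if v.startswith('"') else v) for k, v in KV.findall(body)})
    return rec

def bind_audit(log_text):
    """Pair each BIND with its RESULT (same conn/op) and report the DN that is valid for audit."""
    pending, events = {}, []
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec is None:
            continue
        key = (rec['conn'], rec['op'])
        if rec['kind'] == 'BIND':
            pending[key] = rec
        elif rec['kind'] == 'RESULT' and key in pending:
            req = pending.pop(key)
            sasl = req.get('method') == 'sasl'
            if rec['in_progress']:
                status = 'in-progress'  # a further BIND stage on this connection follows
            else:
                status = 'ok' if rec.get('err') == '0' else 'failed'
            # SASL: the request dn is ignored by the server, so the RESULT dn is the identity
            # to audit; for a simple bind the request dn is the authenticated identity.
            events.append({'conn': rec['conn'], 'op': rec['op'], 'method': req.get('method'),
                           'mech': req.get('mech'), 'status': status,
                           'audit_dn': rec.get('dn') if sasl else req.get('dn')})
    return events
```

An in-progress SASL stage yields no audit_dn, so an audit report should only record the DN from the final stage whose RESULT carries err=0.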