Access Log Content
Chapter 5 Access Log and Connection Code Reference
[21/Apr/2005:12:57:14 -0700] conn=32 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI
Access Log Content for Additional Access Logging Levels
This section presents the additional access logging levels available in the Directory
Server access log. In Code Example 5-2, access logging level 4, which logs internal
operations, is enabled.
NOTE The authenticated DN (the DN used for access control decisions) is now logged in the BIND result line. Previously it was logged in the bind request line:
[21/Apr/2005:11:39:55 -0700] conn=14 op=1 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=jdoe,dc=example,dc=com"
For SASL binds, the DN value displayed in the BIND request line is not used by the server and is therefore not relevant. Because the authenticated DN is the DN that must be used for audit purposes for SASL binds, it is essential that it be clearly logged. Logging the authenticated DN in the BIND result line avoids any confusion as to which DN is which.
Code Example 5-2 Access Log Extract with Internal Access Operations Level (Level 4)
[12/Jul/2005:16:45:46 +0200] conn=Internal op=-1 SRCH base="cn=\22dc=example,dc=com\22,cn=mapping tree,cn=config" scope=0 filter="objectclass=nsMappingTree" attrs="nsslapd-referral" options=persistent
[12/Jul/2005:16:45:46 +0200] conn=Internal op=-1 RESULT err=0 tag=48 nentries=1 etime=0
[12/Jul/2005:16:45:46 +0200] conn=Internal op=-1 SRCH base="cn=\22dc=example,dc=com\22,cn=mapping tree,cn=config" scope=0 filter="objectclass=nsMappingTree" attrs="nsslapd-state"
[12/Jul/2005:16:45:46 +0200] conn=Internal op=-1 RESULT err=0 tag=48 nentries=1 etime=0