Red-hat 8.1 Manual de usuario Pagina 164
- Pagina / 292
- Tabla de contenidos
- MARCADORES
Valorado. / 5. Basado en revisión del cliente
NOTE
The Directory Server operation number starts counting at 0, and, in the majority of LDAP
SDK/client implementations, the message ID number starts counting at 1, which explains why the
message ID is frequently equal to the Directory Server operation number plus 1.
SASL Multi- Stage Bind Logging
In Directory Server, logging for multi-stage binds is explicit. Each stage in the bind process is logged.
The error codes for these SASL connections are really return codes. In Example 5.1, “Example Access
Log”, the SASL bind is currently in progress so it has a return code of err=14 , meaning the connection
is still open, and there is a corresponding progress statement, SASL bind in progress.
[21/Apr/2009:11:39:55 -0700] conn=14 op=0 BIND dn="" method=sasl version=3
mech=DIGEST-MD5
[21/Apr/2009:11:39:55 -0700] conn=14 op=0 RESULT err=14 tag=97 nentries=0
etim e=0, S ASL bind in progress
In logging a SASL bind, the sasl method is followed by the LDAP version number and the SASL
mechanism used, as shown below with the GSS-API mechanism.
[21/Apr/2009:12:57:14 -0700] conn=32 op=0 BIND dn="" method=sasl version=3
mech= GSSAPI
NOTE
The authenticated DN (the DN used for access control decisions) is now logged in the BIND
result line as opposed to the bind request line, as was previously the case:
[21/Apr/2009:11:39:55 -0700] conn=14 op=1 RESULT err=0 tag=97 nentries=0
etim e=0 dn="uid=jdoe,dc=example,dc=com"
For SASL binds, the DN value displayed in the bind request line is not used by the server and, as
a consequence, is not relevant. However, given that the authenticated DN is the DN which, for
SASL binds, must be used for audit purposes, it is essential that this be clearly logged. Having
this authenticated DN logged in the bind result line avoids any confusion as to which DN is which.
5.1.3. Access Log Cont ent for Additional Access Logging Levels
This section presents the additional access logging levels available in the Directory Server access log.
In Example 5.2, “Access Log Extract with Internal Access Operations Level (Level 4)”, access logging
level 4, which logs internal operations, is enabled.
Exa mple 5.2. Access Log Extract with Internal Acce ss Operations Le vel (Level 4 )
[12/Jul/2009:16:45:46 +0200] conn=Internal op=-1 SRCH
base="cn=\22dc=example,dc=com\22,cn=m apping tree,cn=config"scope=0
filter="objectclass=nsMappingTree"attrs="nsslapd-referral" options=persistent
[12/Jul/2009:16:45:46 +0200] conn=Internal op=-1 RESULT err=0 tag=48
nentries=1etime=0
[12/Jul/2009:16:45:46 +0200] conn=Internal op=-1 SRCH
base="cn=\22dc=example,dc=com\22,cn=m apping tree,cn=config"scope=0
filter="objectclass=nsMappingTree" attrs="nsslapd-state"
[12/Jul/2009:16:45:46 +0200] conn=Internal op=-1 RESULT err=0 tag=48
nentries=1etime=0
Access log level 4 enables logging for internal operations, which log search base, scope, filter, and
requested search attributes, in addition to the details of the search being performed.
In the following example, access logging level 768 is enabled (512 + 256), which logs access to entries
and referrals. In this extract, six entries and one referral are returned in response to the search request,
which is shown on the first line.
164 Chapter 5. Log File Reference
- Red Hat Directory Server 8.1 1
- Legal Notice 2
- Abstract 3
- Table of Contents 4
- 6 Table of Contents 6
- About This Reference 8
- 3. Additional Reading 9
- 10 About This Reference 10
- Chapter 1. Introduction 11
- SSLDescriptors 43
- NOTE> 47
- 2.5. Legacy Attributes 98
- 4.2. Backup Files 154
- 4.3. Configuration Files 154
- 4.4. Database Files 154
- 4.5. LDIF Files 155
- 4.6. Lock Files 155
- 4.8. PID Files 156
- 4.9. Tools 156
- 4.7. Log Files 156
- 4.10. Scripts 157
- Chapter 5. Log File Reference 158
- 5.2. Error Log Reference 166
- 5.3. Audit Log Reference 172
- 5.4. LDAP Result Codes 173
- 6.2. Using Special Characters 175
- 6.4. ldapsearch 176
- "(objectclass=* )" 177
- -w diner892 179
- -P /security/cert.db 181
- -W secret 181
- "authid=test_user" 182
- -f search_filters 186
- -J control OID:boolean 187
- -S sn -S givenname 187
- 6.5. ldapmodify 188
- -f modify_statements 189
- -h cyclops 189
- -w mypassword 189
- 6.6. ldapdelete 194
- 6.7. ldappasswd 198
- -a old_password 199
- -S new_password 199
- -T new_password.txt 199
- -t old_password.txt 199
- -N Server-Cert 200
- 6.8. ldif 203
- 6.9. dbscan 204
- 7.3. Shell Scripts 208
- IMPORTANT 212
- -g deterministic namespace_id 214
- 7.4. Perl Scripts 219
- -g deterministic namespaceId 225
- A.1. Overview of ns-slapd 240
- Glossary 244
- 24 6 Glossary 246
- 24 8 Glossary 248
- 250 Glossary 250
- 252 Glossary 252
- 254 Glossary 254
- 256 Glossary 256
- 258 Glossary 258
- 260 Index 260
- 262 Index 262
- 264 Index 264
- 266 Index 266
- 268 Index 268
- 270 Index 270
- 272 Index 272
- 274 Index 274
- 276 Index 276
- 278 Index 278
- 280 Index 280
- 282 Index 282
- 284 Index 284
- 286 Index 286
- 288 Index 288
- 290 Index 290
- 292 Index 292
© 2020, manymanuals.es. Todos los derechos reservados | 0.182 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comentarios a estos manuales