Is there a simple way to tell that a user has been authenticated by looking at the access log?
something like "authentication successful" in the access log
I have been looking at the access log file and enabled the various logging levels, and although I can personally tell that a user has been authenticated, there is no message that I can search on if I need to audit the logs to see date/time/user for a successful auth.
Is there another log I should be looking at?
You don't need any special log level. Here is example of a bind:
[09/Dec/2021:15:55:16.802488625 -0500] conn=1495 op=0 BIND dn="uid=mark,ou=people,dc=example,dc=com" method=128 version=3
[09/Dec/2021:15:55:16.802512145 -0500] conn=1495 op=0 RESULT err=0 tag=97 nentries=0 wtime=0.000038938 optime=0.000092073 etime=0.000130010 dn="uid=mark,ou=people,dc=example,dc=com"
So "tag=97" means it's a BIND result, "err=0" means success, and it also includes the entry's bind DN: dn="uid=mark,ou=people,dc=example,dc=com"
If authentication fails then you would see "err=49" instead of "err=0".
_______________________________________________ 389-users mailing list -- email@example.com To unsubscribe send an email to firstname.lastname@example.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://email@example.com Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
-- Directory Server Development Team