[389-users] Re: access log - successful authentication

On 12/10/21 11:52 AM, Karandikar, Neel wrote:

Hello

 

Is there a simple way to tell that a user has been authenticated by looking at the access log?

/var/log/dirsrv/<slapd-instance>/access

something like "authentication successful" in the access log

I have been looking at the access log file and enabled the various logging levels, and although I can personally tell that a user has been authenticated, there is no message that I can search on if I need to audit the logs to see date/time/user for a successful auth.

Is there another log I should be looking at?

You don't need any special log level.  Here is example of a bind:

[09/Dec/2021:15:55:16.802488625 -0500] conn=1495 op=0 BIND dn="uid=mark,ou=people,dc=example,dc=com" method=128 version=3
[09/Dec/2021:15:55:16.802512145 -0500] conn=1495 op=0 RESULT err=0 tag=97 nentries=0 wtime=0.000038938 optime=0.000092073 etime=0.000130010 dn="uid=mark,ou=people,dc=example,dc=com"

So "tag=97" means it's a BIND result, "err=0" means success, and it also includes the entry's bind DN:   dn="uid=mark,ou=people,dc=example,dc=com"

If authentication fails then you would see "err=49" instead of "err=0".

HTH,
Mark

 

Thx

 

NeeL

 

_______________________________________________  389-users mailing list -- 389-users@lists.fedoraproject.org  To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org  Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/  List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines  List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org  Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure  

--   Directory Server Development Team