Friday, December 10, 2021

[389-users] Re: access log - successful authentication

On 12/10/21 11:52 AM, Karandikar, Neel wrote:



Is there a simple way to tell that a user has been authenticated by looking at the access log?


something like "authentication successful" in the access log

I have been looking at the access log file and enabled the various logging levels, and although I can personally tell that a user has been authenticated, there is no message that I can search on if I need to audit the logs to see date/time/user for a successful auth.

Is there another log I should be looking at?

You don't need any special log level.  Here is example of a bind:

[09/Dec/2021:15:55:16.802488625 -0500] conn=1495 op=0 BIND dn="uid=mark,ou=people,dc=example,dc=com" method=128 version=3
[09/Dec/2021:15:55:16.802512145 -0500] conn=1495 op=0 RESULT err=0 tag=97 nentries=0 wtime=0.000038938 optime=0.000092073 etime=0.000130010 dn="uid=mark,ou=people,dc=example,dc=com"

So "tag=97" means it's a BIND result, "err=0" means success, and it also includes the entry's bind DN:   dn="uid=mark,ou=people,dc=example,dc=com"

If authentication fails then you would see "err=49" instead of "err=0".







_______________________________________________  389-users mailing list --  To unsubscribe send an email to  Fedora Code of Conduct:  List Guidelines:  List Archives:  Do not reply to spam on the list, report it:  
--   Directory Server Development Team

No comments:

Post a Comment