[Date Prev][Date Next] [Chronological] [Thread] [Top]

Stat logging for SASL BIND (ITS#2017)

To: openldap-its@OpenLDAP.org
Subject: Stat logging for SASL BIND (ITS#2017)
From: andrew.findlay@skills-1st.co.uk
Date: Fri, 9 Aug 2002 14:59:39 GMT

Full_Name: Andrew Findlay
Version: HEAD 9 Aug 2002
OS: FreeBSD 4.6
URL: ftp://ftp.openldap.org/incoming/andrew-findlay-020809-a.diff
Submission from: (NULL) (217.206.98.194)


The stat log does not currently record the identity of clients binding with
SASL.
Even with simple non-SASL bind, the record reflects the *request* rather than
the authenticated result, and it is not possible to see how strong the
authentication was.

The diff I have supplied for servers/slapd/bind.c shows the sort of data I am
thinking of, and has been tested with DIGEST-MD5. I feel that there must be a
better place to handle this though: some more general code sitting on the end of
the bind process that can interpret and log all the success and failure cases.
Such code could satisfy ITS#1809 as well.

Prev by Date: Re: Liberal parsing of schema elements (ITS#1996)
Next by Date: Reproducible crash: slurpd+TLS
Index(es):
- Chronological
- Thread