Re: Bind DN not logged with GSSAPI binds (ITS#2283)
At 06:07 PM 1/21/2003, firstname.lastname@example.org wrote:
>Full_Name: Quanah Gibson-Mount
>OS: Solaris 8
>Submission from: (NULL) (18.104.22.168)
>In the past (due to a previous request, as I recall), openldap would log the
>BIND dn of a person making a GSSAPI connection at loglevel 256.
The authorization DN (which is not necessarily the bind DN) is
logged both at 256 (STATS) and at 1 (TRACE). The message is
labeled "AUTHZ" in 2.1.12 but will be labeled "BIND" in the next
release (for consistency with other messages).
>logs the authcid and the authzid now, but the resulting BIND dn (in the case of
>group memberships) is not being logged.
authzid is the authorization DN used for ACLs, etc.
>It is important to know to what BIND DN
>these two bits of information were eventually resolved to.
A recent software message shows logging is working.