[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Evidence of client information in openldap accesslog

I got your point Marco. Its a very interesting idea really, I was looking for something like that too. I'm wondering if its possible with slapo-accesslog to record the IP address from client who perform bind/unbind. If we can record this then its possible to track the user login on the server.

On Thu, Aug 12, 2010 at 1:02 PM, Marco Pizzoli <marco.pizzoli@gmail.com> wrote:
Hi Jonathan, thank's for the answer.
You're right, but I'm trying to implement a report to my security management and so I'm implemementing a meta-directory on top of access-logs written by a cluster of 4-way multi-master OL instances.
Having to go to retrieve logs splitted locally on 4 machines is not so effective.

What I'm searching for, if is it possibile, is a way to propagate the information of the client machine to the authentication directory.
And, as a consequence, obtain that information by means of a simple LDAP search to the accesslog.
If necessary, I can go to manipulate the config of client OS (nss_ldap on Linux and secldapclntd on AIX).

Thanks again

On Thu, Aug 12, 2010 at 5:48 PM, Jonathan Clarke <jonathan@phillipoux.net> wrote:
On 12/08/2010 14:23, Marco Pizzoli wrote:
Hi list,
I'm implementing slapo-accesslog in my openldap deployment.

I have about 100 unix/linux systems that use a central openldap
deployment to make authentication and grant access to users.

With accesslog I'm able to see when a particular user has logged in, but
is there a way to obtain, on the LDAP server side, information about
which system has been accessed?

You could analyze the server's logs (not accesslog, just the syslog, assuming a loglevel stats) to see which client IPs are connecting.

Jonathan Clarke - jonathan@phillipoux.net
Ldap Synchronization Connector (LSC) - http://lsc-project.org

Non è forte chi non cade, ma chi cadendo ha la forza di rialzarsi.
                    Jim Morrison