Rich,

Thanks for information.

David

On Thu, Jul 10, 2008 at 6:32 PM, Rich Megginson <rmeggins@redhat.com> wrote:
Chun Tat David Chu wrote:
Hi all,

I've a question on monitoring authorization.

When a user without sufficient privileges and perform a search request on the LDAP, the user will receive an empty result from the LDAP.
I followed the instruction from the Red hat Directory Server Administrator's Guide and set the access mode to 777 to log all read, write and execute commands.

When I look at the log of an unauthorize user, all I see is the following
[07/Jul/2008:11:08:37 -0400] conn=42 op=81 SRCH base="ou=sandbox,ou=my_test,dc=example,dc=com" scope=1 filter="(objectClass=*)" attrs="objectClass javaClassName"
[07/Jul/2008:11:08:37 -0400] conn=42 op=81 RESULT err=0 tag=101 nentries=0 etime=0

The log doesn't indicate any authorization error.  I was wondering if there's additional settings that I can set on Fedora DS so I can easily tell if a user is not authorize to perform a search operation on the LDAP.
In general, no.  However, you could use Get Effective Rights - http://www.redhat.com/docs/manuals/dir-server/release-notes/ger.html

Thanks!

- David



------------------------------------------------------------------------

--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
 


--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users