[Fedora-directory-users] Question on monitoring authorization
Rich Megginson
rmeggins at redhat.com
Thu Jul 10 22:32:55 UTC 2008
Chun Tat David Chu wrote:
> Hi all,
>
> I've a question on monitoring authorization.
>
> When a user without sufficient privileges and perform a search request
> on the LDAP, the user will receive an empty result from the LDAP.
>
> I followed the instruction from the Red hat Directory Server
> Administrator's Guide and set the access mode to 777 to log all read,
> write and execute commands.
>
> When I look at the log of an unauthorize user, all I see is the following
> [07/Jul/2008:11:08:37 -0400] conn=42 op=81 SRCH
> base="ou=sandbox,ou=my_test,dc=example,dc=com" scope=1
> filter="(objectClass=*)" attrs="objectClass javaClassName"
> [07/Jul/2008:11:08:37 -0400] conn=42 op=81 RESULT err=0 tag=101
> nentries=0 etime=0
>
> The log doesn't indicate any authorization error. I was wondering if
> there's additional settings that I can set on Fedora DS so I can
> easily tell if a user is not authorize to perform a search operation
> on the LDAP.
In general, no. However, you could use Get Effective Rights -
http://www.redhat.com/docs/manuals/dir-server/release-notes/ger.html
>
> Thanks!
>
> - David
>
>
>
> ------------------------------------------------------------------------
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3258 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20080710/2c3da4c1/attachment.bin>
More information about the 389-users
mailing list