[Fedora-directory-users] Question on monitoring authorization
Chun Tat David Chu
beyonddc.storage at gmail.com
Mon Jul 14 15:19:04 UTC 2008
Rich,
Thanks for information.
David
On Thu, Jul 10, 2008 at 6:32 PM, Rich Megginson <rmeggins at redhat.com> wrote:
> Chun Tat David Chu wrote:
>
>> Hi all,
>>
>> I've a question on monitoring authorization.
>>
>> When a user without sufficient privileges and perform a search request on
>> the LDAP, the user will receive an empty result from the LDAP.
>> I followed the instruction from the Red hat Directory Server
>> Administrator's Guide and set the access mode to 777 to log all read, write
>> and execute commands.
>>
>> When I look at the log of an unauthorize user, all I see is the following
>> [07/Jul/2008:11:08:37 -0400] conn=42 op=81 SRCH
>> base="ou=sandbox,ou=my_test,dc=example,dc=com" scope=1
>> filter="(objectClass=*)" attrs="objectClass javaClassName"
>> [07/Jul/2008:11:08:37 -0400] conn=42 op=81 RESULT err=0 tag=101 nentries=0
>> etime=0
>>
>> The log doesn't indicate any authorization error. I was wondering if
>> there's additional settings that I can set on Fedora DS so I can easily tell
>> if a user is not authorize to perform a search operation on the LDAP.
>>
> In general, no. However, you could use Get Effective Rights -
> http://www.redhat.com/docs/manuals/dir-server/release-notes/ger.html
>
>>
>> Thanks!
>>
>> - David
>>
>>
>>
>> ------------------------------------------------------------------------
>>
>> --
>> Fedora-directory-users mailing list
>> Fedora-directory-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>
>>
>
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20080714/535c646e/attachment.html>
More information about the 389-users
mailing list