LDAP Event Monitoring

over 12 years ago

Starting with eDirectory 8.8 SP3, eDirectory supports the monitoring of LDAP events as an LDAP extension. LDAP events provide LDAP-specific details such as the client IP address, LDAP result code and LDAP message ID, along with the basic information for every LDAP operation happening on the server.



This cool solution describes what each LDAP event signals and what data it returns. It also lets users monitor all the LDAP operations happening against any eDirectory server through a cool tool written in C using the Novell C LDAP SDK.



LDAP EVENTS:


The following table lists the LDAP events that are supported by eDirectory (from version 8.8 SP3) and describes what each of them does.





| Event | Description |
|---|---|
| EVT_LDAP_BIND | Bind operation has happened in the LDAP server. |
| EVT_LDAP_UNBIND | Unbind operation has happened in the LDAP server. |
| EVT_LDAP_CONNECTION | Connection operation has happened in the LDAP server. |
| EVT_LDAP_SEARCH | LDAP Search operation has happened in the LDAP server. |
| EVT_LDAP_SEARCHENTRYRESPONSE | Entry of Search operation has been returned from the LDAP server. |
| EVT_LDAP_ADD | Add operation has happened in the LDAP server. |
| EVT_LDAP_MODIFY | Modify operation has happened in the LDAP server. |
| EVT_LDAP_DELETE | Delete operation has happened in the LDAP server. |
| EVT_LDAP_COMPARE | Compare operation has happened in the LDAP server. |
| EVT_LDAP_MODDN | Modify DN operation has happened in the LDAP server. |
| EVT_LDAP_ABANDON | Abandon operation has happened in the LDAP server. |
| EVT_LDAP_EXTOP | Extended operation has happened in the LDAP server. |
| EVT_LDAP_SYSEXTOP | System extended operation has happened in the LDAP server. |
| EVT_LDAP_MODLDAPSERVER | Modification of the LDAP server object has happened. |
| EVT_LDAP_PASSWARDMODIFYTYPE | Password Modify operation has happened in the LDAP server. |
| EVT_LDAP_UNKNOWNOP | Some unknown LDAP operation has happened in the LDAP server. |
| EVT_LDAP_BINDRESPONSE | Bind Response Event has been caused by the LDAP Bind Operation. |
| EVT_LDAP_SEARCHRESPONSE | Search Response Event has been caused by the LDAP Search Operation. |
| EVT_LDAP_ADDRESPONSE | Add Response Event has been caused by the LDAP Add Operation. |
| EVT_LDAP_COMPARERESPONSE | Compare Response Event has been caused by the LDAP Compare Operation. |
| EVT_LDAP_MODIFYRESPONSE | Modify Response Event has been caused by the LDAP Modify Operation. |
| EVT_LDAP_DELETERESPONSE | Delete Response Event has been caused by the LDAP Delete Operation. |
| EVT_LDAP_MODDNRESPONSE | Modify DN Response Event has been caused by the LDAP Modify DN Operation. |
| EVT_LDAP_EXTOP_RESPONSE | Signals the occurrence of the Response Event caused by the Extension Operation. |







The following table gives the list of LDAP events and the data returned by each event when the corresponding operation happens:





EVT_LDAP_BIND and EVT_LDAP_UNBIND:
  • Connection Data
  • LDAP Message ID
  • Operation Time
  • Authorization DN
  • Type of the Bind
  • Authorization Mechanism
  • Control OIDs, if any
  • LDAP Result Code

EVT_LDAP_CONNECTION:
  • Connection Data:
      • Connection Id
      • Connection Time
      • Client IP Address and Port

EVT_LDAP_SEARCH:
  • Connection Data
  • LDAP Message ID
  • Operation Time
  • Authorization DN
  • Search Base
  • Search Scope
  • Search Filter
  • Requested Search attributes
  • Control OIDs, if any
  • LDAP Result Code

EVT_LDAP_SEARCHENTRYRESPONSE:
  • Connection Data
  • LDAP Message ID
  • Operation Time
  • DN of the entry being returned
  • Object class name of the entry
  • Attributes list of the entry
  • Authorization Mechanism
  • LDAP Result Code

EVT_LDAP_ADD, EVT_LDAP_MODIFY and EVT_LDAP_DELETE:
  • Connection Data
  • LDAP Message ID
  • Operation Time
  • Authorization DN
  • DN of the entry being operated on
  • Object class name of the entry
  • Control OIDs, if any
  • LDAP Result Code

EVT_LDAP_COMPARE:
  • Connection Data
  • LDAP Message ID
  • Operation Time
  • Authorization DN
  • DN of the entry being compared
  • Assertion Type
  • Assertion Value, if any
  • Object Class name of the entry
  • LDAP Result Code

EVT_LDAP_MODDN:
  • Connection Data
  • LDAP Message ID
  • Operation Time
  • Authorization DN
  • Old RDN of the entry being modified
  • New RDN of the entry being modified
  • Object class name of the entry
  • Control OIDs, if any
  • LDAP Result Code

EVT_LDAP_ABANDON:
  • Connection Data
  • LDAP Message ID
  • Operation Time
  • Operation ID
  • Authorization DN
  • LDAP Result Code

EVT_LDAP_EXTOP:
  • Connection Data
  • LDAP Message ID
  • Operation Time
  • Operation ID
  • Extension OID
  • Authorization DN
  • LDAP Result Code

EVT_LDAP_SYSEXTOP:
  • Connection Data
  • LDAP Message ID
  • Operation Time
  • Operation ID
  • System Extension OID
  • Authorization DN
  • Any other data associated with
  • LDAP Result Code

EVT_LDAP_MODLDAPSERVER:
  • No data associated. Just a notification will be sent.

EVT_LDAP_PASSWARDMODIFYTYPE:
  • Connection Data
  • LDAP Message ID
  • Operation Time
  • Authorization DN
  • DN of the entry being operated on
  • Password Modification Type
  • LDAP Result Code

EVT_LDAP_UNKNOWNOP:
  • Time
  • Client IP Address and port

EVT_LDAP_BINDRESPONSE, EVT_LDAP_SEARCHRESPONSE, EVT_LDAP_ADDRESPONSE, EVT_LDAP_COMPARERESPONSE, EVT_LDAP_MODIFYRESPONSE, EVT_LDAP_DELETERESPONSE, EVT_LDAP_MODDNRESPONSE and EVT_LDAP_EXTOP_RESPONSE:
  • Connection Data
  • LDAP Message ID
  • Operation Time
  • LDAP Result Code
  • Matched DN, in case of error
  • Referral Data








Cool Tool to monitor LDAP Events:



Usage:



MonitorClient.exe <eDirectory Server IP/host name> <ldap port number> <authorization dn> <password> <time to monitor in seconds>



Run this application from one client. It monitors the eDirectory server for the number of seconds specified as the last parameter and reports all the LDAP events happening on the eDirectory server in the order in which they occur.



Supported Platform: Linux 32-bit



Example:



MonitorClient.exe acme.com 389 cn=admin,o=org secret 300



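This will monitor the eDirectory server acme.com for LDAP events for 5 minutes (300 seconds). Because the authorization DN and password are passed as command-line arguments, they are visible in the shell history and in the process list of the machine running the tool.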



Screen Shot of the data being shown:




Note: This tool shows only part of the data of the LDAP events.


Users can write their own custom application for monitoring the events using Novell's LDAP SDK, "LDAP Libraries for C".


More details can be found at: http://developer.novell.com/wiki/index.php/LDAP_Libraries_for_C
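
A custom monitor can turn the EVT_LDAP_BIND data listed above (client IP address from the Connection Data, Operation Time, Authorization DN, LDAP Result Code) into a detection for bursts of failed binds. The C example below is added here and is not code from the article or from the Novell SDK: struct bind_ev and worst_failed_burst are hypothetical names, the event records are constructed, and Operation Time is assumed to be in epoch seconds.

```c
#include <stdio.h>
#include <string.h>
/* Hypothetical flattened record (not the Novell SDK's own structure) holding
   the EVT_LDAP_BIND fields the article lists. Strings must be non-NULL. */
struct bind_ev {
    long        op_time;    /* Operation Time, assumed epoch seconds */
    const char *client_ip;  /* client IP address from Connection Data */
    const char *auth_dn;    /* Authorization DN */
    int         result;     /* LDAP Result Code */
};
#define RC_INVALID_CREDENTIALS 49   /* RFC 4511 invalidCredentials */

/* Largest count of failed binds from `ip` within any `window`-second span of
   a time-ordered stream. *dns gets the number of distinct DNs (capped at 16)
   tried in that span: 1 points at one account, several at many accounts. */
int worst_failed_burst(const struct bind_ev *ev, size_t n,
                       const char *ip, long window, int *dns)
{
    int worst = 0;
    *dns = 0;
    for (size_t s = 0; s < n; s++) {        /* s starts a candidate span */
        const char *seen[16];
        int fails = 0, nd = 0;
        for (size_t i = s; i < n && ev[i].op_time - ev[s].op_time < window; i++) {
            if (ev[i].result != RC_INVALID_CREDENTIALS ||
                strcmp(ev[i].client_ip, ip) != 0)
                continue;                   /* success, or another client */
            int j = 0;
            while (j < nd && strcmp(seen[j], ev[i].auth_dn) != 0) j++;
            if (j == nd && nd < 16) seen[nd++] = ev[i].auth_dn;
            fails++;
        }
        if (fails > worst) { worst = fails; *dns = nd; }
    }
    return worst;
}

/* Constructed sample events; addresses are RFC 5737 documentation ranges. */
static const struct bind_ev sample[] = {
    { 1000, "192.0.2.10",   "cn=admin,o=org", 49 },
    { 1005, "198.51.100.5", "cn=jdoe,o=org",   0 },
    { 1010, "192.0.2.10",   "cn=jdoe,o=org",  49 },
    { 1020, "192.0.2.10",   "cn=admin,o=org", 49 },
    { 1400, "192.0.2.10",   "cn=admin,o=org", 49 },
};
int main(void) {
    int dns, n = worst_failed_burst(sample, sizeof sample / sizeof sample[0],
                                    "192.0.2.10", 60, &dns);
    printf("%d failed binds within 60 s, %d distinct DNs\n", n, dns);
    return 0;
}
```

An alerting threshold on the returned count is a local policy choice; the distinct-DN count helps separate a single mistyped password from attempts against several accounts.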

