LDAP Monitoring Using ldapaudit_client for Testing

over 12 years ago

ldapaudit_client is a tool that dumps LDAP events to the screen.

This page shows how to dump LDAP events from eDirectory onto the console using ldapaudit_client.

Let's start with the basics: what LDAP events are.

LDAP events is an event system inside eDirectory's nldap module. It reports every action performed on that eDirectory server over the LDAP port.



The steps an LDAP event monitoring client follows to get events from the event system are:

  1. Make a list of all the events you want to monitor on the eDirectory server.

  2. Bind to eDirectory over the LDAP port.

  3. Register the list of events you want to monitor.

  4. Get the generated event data from the server by polling.

  5. Once it has collected enough event data, the client unbinds from the directory and exits.



That's enough with the theory, let's get this done practically.



Follow the steps below to perform LDAP monitoring on any eDirectory server (starting from 883 server):

Requirements: a downloaded copy of the tool and a Linux box.




  • Create a directory ldap_events and change to it.

  • Extract the tar.gz into this directory.

  • Inside the bin directory you will see ldapaudit_client and a lib folder.

  • Add lib/ldapsdk to your LD_LIBRARY_PATH. (If you already have a cldap sdk installed, point LD_LIBRARY_PATH at the lib folder of the cldapsdk.)

  • Execute ./ldapaudit_client to see the usage.

    Usage: ldapaudit_client <hostname> <port number> <login dn> <password> <duration_in_minutes> <EventType> [<EventType>...]

    Example: ldapaudit_client Acme.com 389 cn=admin,o=Acme secret 3 EVT_LDAP_BIND EVT_LDAP_SEARCH ..;

  • Follow the usage, register for the events you are interested in, and enjoy monitoring.




The available events are:

1. EVT_LDAP_BIND
2. EVT_LDAP_BINDRESPONSE
3. EVT_LDAP_UNBIND
4. EVT_LDAP_CONNECTION
5. EVT_LDAP_SEARCH
6. EVT_LDAP_SEARCHRESPONSE
7. EVT_LDAP_SEARCHENTRYRESPONSE
8. EVT_LDAP_ADD
9. EVT_LDAP_ADDRESPONSE
10. EVT_LDAP_COMPARE
11. EVT_LDAP_COMPARERESPONSE
12. EVT_LDAP_MODIFY
13. EVT_LDAP_MODIFYRESPONSE
14. EVT_LDAP_DELETE
15. EVT_LDAP_DELETERESPONSE
16. EVT_LDAP_MODDN
17. EVT_LDAP_MODDNRESPONSE
18. EVT_LDAP_ABANDON
19. EVT_LDAP_EXTOP
20. EVT_LDAP_SYSEXTOP
21. EVT_LDAP_EXTOP_RESPONSE
22. EVT_LDAP_MODLDAPSERVER
23. EVT_LDAP_PASSWORDMODIFY
24. EVT_LDAP_UNKNOWNOP


Note: For automation, there is another client, ldapaudit_client_test, in the same bin folder. Its usage is:

Usage: ldapaudit_client <hostname> <port number> <login dn> <password> <duration_in_minutes> <pipe_file_name> <EventType> [<EventType>...]

Example: ldapaudit_client Acme.com 389 cn=admin,o=Acme secret 3 ./my_named_pipe EVT_LDAP_BIND EVT_LDAP_SEARCH ..;

This client writes each event as a single line to the text or pipe file specified on the command line. The fields are separated by a '|' character.
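A pre-flight check and pipe reader for the automation client described above, as an added example that is not part of the tool or the original page. `check_events`, `show_fields` and `run_monitor` are hypothetical helper names; the wrapper assumes it is run from the bin directory with LD_LIBRARY_PATH set and that the client writes to an already-created named pipe.

```shell
#!/bin/sh
# Added example, not shipped with the tool. Event names are the 24 listed on this page.
KNOWN_EVENTS="EVT_LDAP_BIND EVT_LDAP_BINDRESPONSE EVT_LDAP_UNBIND EVT_LDAP_CONNECTION
EVT_LDAP_SEARCH EVT_LDAP_SEARCHRESPONSE EVT_LDAP_SEARCHENTRYRESPONSE EVT_LDAP_ADD
EVT_LDAP_ADDRESPONSE EVT_LDAP_COMPARE EVT_LDAP_COMPARERESPONSE EVT_LDAP_MODIFY
EVT_LDAP_MODIFYRESPONSE EVT_LDAP_DELETE EVT_LDAP_DELETERESPONSE EVT_LDAP_MODDN
EVT_LDAP_MODDNRESPONSE EVT_LDAP_ABANDON EVT_LDAP_EXTOP EVT_LDAP_SYSEXTOP
EVT_LDAP_EXTOP_RESPONSE EVT_LDAP_MODLDAPSERVER EVT_LDAP_PASSWORDMODIFY EVT_LDAP_UNKNOWNOP"

# Print each argument that is not a listed event name; return 1 if any was found.
check_events() {
    bad=0
    for ev in "$@"; do
        case " $(echo $KNOWN_EVENTS) " in
            *" $ev "*) ;;
            *) echo "$ev"; bad=1 ;;
        esac
    done
    return $bad
}

# Read '|'-separated event lines on stdin and print every field with its index.
# The page does not document the field order, so inspect it before filtering.
show_fields() {
    awk -F'|' '{ printf "event %d:", NR
                 for (i = 1; i <= NF; i++) printf " [%d]=%s", i, $i
                 print "" }'
}

# Hypothetical wrapper: takes the arguments of the usage line without
# <pipe_file_name> and inserts a private FIFO in that position.
# Assumptions: run from the bin directory with LD_LIBRARY_PATH already set,
# and the client opens an existing named pipe for writing.
run_monitor() {
    [ $# -ge 6 ] || { echo "need host port dn password minutes event..." >&2; return 2; }
    host=$1 port=$2 dn=$3 pw=$4 mins=$5; shift 5
    check_events "$@" >&2 || { echo "unknown event type(s) listed above" >&2; return 2; }
    [ -x ./ldapaudit_client_test ] || { echo "client not found in current directory" >&2; return 1; }
    dir=$(mktemp -d) && mkfifo -m 600 "$dir/events" || return 1
    ./ldapaudit_client_test "$host" "$port" "$dn" "$pw" "$mins" "$dir/events" "$@" &
    show_fields < "$dir/events"      # blocks until the client closes the pipe
    rc=0; wait $! || rc=$?
    rm -rf "$dir"
    return $rc
}
```

Source the file and call `run_monitor Acme.com 389 cn=admin,o=Acme secret 3 EVT_LDAP_BIND EVT_LDAP_SEARCH`; the FIFO lives in a mode-0700 temporary directory so other local users cannot read the event stream.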
