Recently I encountered this problem, where I have to send LDAP proxy logs to ArcSight. So I started working with the logs, in the XDAS format, and I saw something interesting (for me at least) with the outcome values, for example: "Outcome" : "2.3","ExtendedOutcome" : "49"
I used to think (from Sentinel experience) that it comes only with values 0-3 as success, fail, deny, unknown, and that the ExtendedOutcome has fewer values too, though after a bit of research I realized the universe is bigger than that.
Could anyone please provide thorough documentation about these events/outcomes and their meanings? I was unable to find anything related on https://ldapwiki.com/.