How To: Configure and activate the eDirectory Auditing feature to audit events in the NetIQ Access Manager Administration Console
Use case:
If you are concerned that delegated administrators might bypass the Administration Console and use an LDAP browser to read or modify the configuration datastore, you can configure eDirectory to audit the events that arrive over LDAP connections to the LDAP server. The Administration Console's own configuration changes also travel over LDAP, so the audit trail lets you distinguish changes made through the console from direct LDAP access.
Preface:
The solution is split into two parts:
1) Configuring the system to enable eDirectory Auditing in the NetIQ Access Manager Administration Console
2) Activating the eDirectory Auditing feature to audit events in the NetIQ Access Manager Administration Console
Service restart:
The Administration Console service must be restarted at the end of Part 1 for the installed plug-in to take effect.
Backup:
Take a backup of the system beforehand and schedule enough downtime outside business hours for the restart.
Impact:
Minimal to none.
Part 1: Configuring the system to enable eDirectory Auditing in the NetIQ Access Manager Administration Console
The steps below download the required iManager plug-ins to the file system of the server on which the Administration Console is installed and running.
a) Log in to the NetIQ Access Manager Administration Console, go to the top right corner and click the administrator's name (Admin in this example) >> (select) Configure Console
b) In the left panel >> (select) iManager Server
c) Click "Configure iManager" >> (select) Plug-in Download
(highlighted in the screenshot below)
d) Tick the checkbox "Query download site for new NetIQ Plugin" and choose the radio button "NetIQ download site"
(highlighted in the screenshot below)
then click Save. The Administration Console server itself queries the download site, so it must be able to reach the NetIQ download site from the network it sits on.
e) On the same page, in the left panel, select "Plug-in Installation" >> (select sub-menu) "Available NetIQ Plug-in Modules"
f) A new page lists the plug-ins available for installation.
Select "eDirectory90 Plugins" (it may be listed as "eDir_IMANPlugins" on older systems) and click "Install"
g) You will be prompted to accept the License Agreement.
After you accept it, the plug-in is downloaded to the file system and the progress is displayed.
This may take up to a minute.
h) Once the plug-in is installed, connect to the Administration Console server and restart the service so that the new plug-in is loaded:
(Linux) /etc/init.d/novell-ac restart
(Windows) open the Services console and restart the Tomcat8 Windows service
Part 2: Activating the eDirectory Auditing feature to audit events in the NetIQ Access Manager Administration Console
Because the Administration Console was restarted, you need to log in again.
a) Log in to the NetIQ Access Manager Administration Console, go to the top right corner and click the administrator's name (Admin in this example) >> (select) Manage Roles and Tasks
b) In the left panel, select "eDirectory Auditing" and then the sub-menu "Audit Configuration"
c) In the right panel, click the Object Selector icon
(highlighted in the screenshot below)
A dialog opens showing the contents of the tree.
Click the "novell" object to expand it; this displays the NCP Server object, which represents the eDirectory server.
Select the eDirectory server and click OK on the next screen.
d) Audit Configuration now displays the available output formats for audited events.
For LDAP events specifically, either Novell Audit or CEF can be selected; choose one, select the LDAP events you want recorded and apply the configuration.
Further reading:
For more detailed information on Novell Audit and CEF, see the eDirectory documentation:
Auditing with Novell Audit:
https://www.netiq.com/documentation/edirectory-91/edir_admin/data/bydeiav.html
(Note: the RPMs mentioned on the documentation site are bundled with the NetIQ Access Manager tarball.)
Auditing with CEF:
https://www.netiq.com/documentation/edirectory-91/edir_admin/data/t44e7j6b8ufi.html
(Note: CEF is the generally recommended format.)
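As an added example (not part of the original article and not NetIQ's own tooling), the Python script below shows how the CEF output enabled above can be consumed to answer the use case stated at the top of this page: LDAP activity against the configuration datastore that did not come from the Administration Console host itself. The CEF framing (seven pipe-delimited header fields followed by space-separated key=value extensions, with escaped pipes, equals signs and backslashes) follows the published CEF format; the sample log lines are constructed, and the eDirectory signature IDs, event names and extension keys (suser, src, dst, dpt, msg) are assumptions for illustration that should be checked against the eDirectory CEF documentation linked above before the script is pointed at real logs.

```python
"""Parse CEF lines and flag LDAP events that did not come from trusted hosts.

Added example: the sample log is constructed and the eDirectory event names
and extension keys are assumptions. Only the CEF framing (7 pipe-delimited
header fields, then space-separated key=value extensions, with '\\|', '\\='
and '\\\\' as escapes) follows the published format.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

HEADER_FIELDS = ("version", "vendor", "product", "device_version",
                 "signature_id", "name", "severity")

# Constructed sample lines, NOT real eDirectory output. Lines 1 and 4 come
# from the Administration Console host (10.1.1.5); lines 2 and 3 show a
# delegated administrator binding and searching from a workstation with an
# LDAP browser. The last line is deliberately not CEF and must be skipped.
SAMPLE_LOG = r"""
CEF:0|NetIQ|eDirectory|9.1|LDAP_BIND|LDAP Bind|3|suser=cn\=admin,o\=novell src=10.1.1.5 dst=10.1.1.5 dpt=636
CEF:0|NetIQ|eDirectory|9.1|LDAP_BIND|LDAP Bind|3|suser=cn\=delegate1,ou\=admins,o\=novell src=192.168.50.23 dst=10.1.1.5 dpt=636
CEF:0|NetIQ|eDirectory|9.1|LDAP_SEARCH|LDAP Search|3|suser=cn\=delegate1,ou\=admins,o\=novell src=192.168.50.23 dst=10.1.1.5 dpt=636 msg=base\=ou\=accessManagerContainer,o\=novell scope\=sub
CEF:0|NetIQ|eDirectory|9.1|OBJ_MODIFY|Object Modify|5|suser=cn\=admin,o\=novell src=10.1.1.5 dst=10.1.1.5
garbage line that is not CEF and must be skipped
"""
SAMPLE_LINES = [l for l in SAMPLE_LOG.splitlines() if l.strip()]


@dataclass
class CefEvent:
    header: Dict[str, str]
    extension: Dict[str, str] = field(default_factory=dict)


def _split_header(line: str):
    """Return (7 header fields, extension string), honouring '\\|' and '\\\\'."""
    fields: List[str] = []
    buf: List[str] = []
    i = 0
    while i < len(line) and len(fields) < 7:
        c = line[i]
        if c == "\\" and i + 1 < len(line):   # escaped character, keep literally
            buf.append(line[i + 1])
            i += 2
        elif c == "|":                          # unescaped field separator
            fields.append("".join(buf))
            buf = []
            i += 1
        else:
            buf.append(c)
            i += 1
    if len(fields) < 7:
        return None, ""
    return fields, line[i:]


# A key starts at the beginning of the extension or after whitespace. An
# escaped '\=' inside a value never matches because '\' is not a key character.
_KEY_RE = re.compile(r"(?:^|\s)([A-Za-z0-9_.]+)=")


def _unescape(value: str) -> str:
    return re.sub(r"\\(.)",
                  lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)),
                  value)


def _parse_extension(ext: str) -> Dict[str, str]:
    out: Dict[str, str] = {}
    keys = list(_KEY_RE.finditer(ext))
    for n, m in enumerate(keys):
        end = keys[n + 1].start() if n + 1 < len(keys) else len(ext)
        out[m.group(1)] = _unescape(ext[m.end():end].strip())
    return out


def parse_cef(line: str) -> Optional[CefEvent]:
    """Parse one CEF line; return None for anything that is not well-formed CEF."""
    if not line.startswith("CEF:"):
        return None
    fields, ext = _split_header(line)
    if fields is None:
        return None
    return CefEvent(dict(zip(HEADER_FIELDS, fields)), _parse_extension(ext))


def unexpected_ldap_access(lines, trusted_sources: Set[str]) -> List[Dict[str, str]]:
    """LDAP events whose source address is not a trusted Administration Console host.

    Selecting events by the word 'LDAP' in the CEF name is an assumption about
    how eDirectory labels them; adjust to the real event names.
    """
    hits: List[Dict[str, str]] = []
    for line in lines:
        ev = parse_cef(line)
        if ev is None or "LDAP" not in ev.header["name"].upper():
            continue
        src = ev.extension.get("src", "")
        if src not in trusted_sources:
            hits.append({"event": ev.header["name"],
                         "user": ev.extension.get("suser", "?"),
                         "src": src})
    return hits


if __name__ == "__main__":
    for hit in unexpected_ldap_access(SAMPLE_LINES, {"10.1.1.5", "127.0.0.1"}):
        print(f"{hit['event']:<12} {hit['user']:<40} from {hit['src']}")
```

The trusted-source set is the address (or addresses) from which the Administration Console itself talks to the configuration datastore; anything else binding or searching over LDAP is exactly the delegated-administrator-with-an-LDAP-browser case the page is about. The parser deliberately returns None for malformed lines instead of raising, so one odd line in a log file does not stop the scan.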