directory-users mailing list archives

From Kiran Ayyagari <kayyag...@apache.org>
Subject Re: Auditing if anonymous LDAP connections are being made
Date Fri, 13 Jun 2014 06:11:01 GMT
On Fri, Jun 13, 2014 at 12:17 AM, Tou-Soua Heu <tousouaheu@fico.com> wrote:

> How can you check if there are anonymous LDAP connections to ApacheDS 2.0?
>
There is no way right now (other than looking at the debug logs, which is
painful). If you can raise a feature request with enough details about the
use case, we might consider implementing it.

Thank you

>
>
> According to the user manual (section 5.3.1 Logs overview, see
> https://directory.apache.org/apacheds/advanced-ug/5.3-logs.html ) this
> should work but it seems to log anything:
>
>
>
> # Logs all executed operations (search, add, delete, etc.)
>
> log4j.logger.org.apache.directory.server.OPERATION_LOG=DEBUG
>
> # Logs all incoming and outgoing LDAP Protocol requests/responses
>
> log4j.logger.org.apache.directory.api.CODEC_LOG=DEBUG
>
>
>
> So I ended up changing "log4j.rootCategory=DEBUG". Unfortunately this
> puts a lot of noise in the apacheds.log file. In this case, what does the log
> entry that records the LDAP connection look like and what does it say when
> it’s anonymous vs. authenticated?
>
>
>
> Thanks.
>
>
>
>


-- 
Kiran Ayyagari
http://keydap.com
