Chun Tat David Chu wrote: > Hi all, > > I've a question on monitoring authorization. > > When a user without sufficient privileges and perform a search request > on the LDAP, the user will receive an empty result from the LDAP. > > I followed the instruction from the Red hat Directory Server > Administrator's Guide and set the access mode to 777 to log all read, > write and execute commands. > > When I look at the log of an unauthorize user, all I see is the following > [07/Jul/2008:11:08:37 -0400] conn=42 op=81 SRCH > base="ou=sandbox,ou=my_test,dc=example,dc=com" scope=1 > filter="(objectClass=*)" attrs="objectClass javaClassName" > [07/Jul/2008:11:08:37 -0400] conn=42 op=81 RESULT err=0 tag=101 > nentries=0 etime=0 > > The log doesn't indicate any authorization error. I was wondering if > there's additional settings that I can set on Fedora DS so I can > easily tell if a user is not authorize to perform a search operation > on the LDAP. In general, no. However, you could use Get Effective Rights - http://www.redhat.com/docs/manuals/dir-server/release-notes/ger.html > > Thanks! > > - David > > > > ------------------------------------------------------------------------ > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3258 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20080710/2c3da4c1/attachment.bin
