Rich, Thanks for information. David On Thu, Jul 10, 2008 at 6:32 PM, Rich Megginson <rmeggins at redhat.com> wrote: > Chun Tat David Chu wrote: > >> Hi all, >> >> I've a question on monitoring authorization. >> >> When a user without sufficient privileges and perform a search request on >> the LDAP, the user will receive an empty result from the LDAP. >> I followed the instruction from the Red hat Directory Server >> Administrator's Guide and set the access mode to 777 to log all read, write >> and execute commands. >> >> When I look at the log of an unauthorize user, all I see is the following >> [07/Jul/2008:11:08:37 -0400] conn=42 op=81 SRCH >> base="ou=sandbox,ou=my_test,dc=example,dc=com" scope=1 >> filter="(objectClass=*)" attrs="objectClass javaClassName" >> [07/Jul/2008:11:08:37 -0400] conn=42 op=81 RESULT err=0 tag=101 nentries=0 >> etime=0 >> >> The log doesn't indicate any authorization error. I was wondering if >> there's additional settings that I can set on Fedora DS so I can easily tell >> if a user is not authorize to perform a search operation on the LDAP. >> > In general, no. However, you could use Get Effective Rights - > http://www.redhat.com/docs/manuals/dir-server/release-notes/ger.html > >> >> Thanks! >> >> - David >> >> >> >> ------------------------------------------------------------------------ >> >> -- >> Fedora-directory-users mailing list >> Fedora-directory-users at redhat.com >> https://www.redhat.com/mailman/listinfo/fedora-directory-users >> >> > > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.fedoraproject.org/pipermail/389-users/attachments/20080714/535c646e/attachment.html
