Old 07-07-2008, 03:21 PM
"Chun Tat David Chu"
 
Question on monitoring authorization

Hi all,

I've a question on monitoring authorization.

When a user without sufficient privileges performs a search request on the LDAP, the user will receive an empty result from the LDAP.

I followed the instructions from the Red Hat Directory Server Administrator's Guide and set the access mode to 777 to log all read, write and execute commands.

When I look at the log of an unauthorized user, all I see is the following:
[07/Jul/2008:11:08:37 -0400] conn=42 op=81 SRCH base="ou=sandbox,ou=my_test,dc=example,dc=com" scope=1 filter="(objectClass=*)" attrs="objectClass javaClassName"

[07/Jul/2008:11:08:37 -0400] conn=42 op=81 RESULT err=0 tag=101 nentries=0 etime=0

The log doesn't indicate any authorization error. I was wondering if there are additional settings that I can set on Fedora DS so I can easily tell if a user is not authorized to perform a search operation on the LDAP.


Thanks!

- David




--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
 
Old 07-10-2008, 10:32 PM
Rich Megginson
 
Question on monitoring authorization

Chun Tat David Chu wrote:

> Hi all,
>
> I've a question on monitoring authorization.
>
> When a user without sufficient privileges performs a search request
> on the LDAP, the user will receive an empty result from the LDAP.
>
> I followed the instructions from the Red Hat Directory Server
> Administrator's Guide and set the access mode to 777 to log all read,
> write and execute commands.
>
> When I look at the log of an unauthorized user, all I see is the following:
> [07/Jul/2008:11:08:37 -0400] conn=42 op=81 SRCH base="ou=sandbox,ou=my_test,dc=example,dc=com" scope=1 filter="(objectClass=*)" attrs="objectClass javaClassName"
> [07/Jul/2008:11:08:37 -0400] conn=42 op=81 RESULT err=0 tag=101 nentries=0 etime=0
>
> The log doesn't indicate any authorization error. I was wondering if
> there are additional settings that I can set on Fedora DS so I can
> easily tell if a user is not authorized to perform a search operation
> on the LDAP.

In general, no. However, you could use Get Effective Rights -
http://www.redhat.com/docs/manuals/dir-server/release-notes/ger.html

> Thanks!
>
> - David
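
Because the access log records such a search as err=0 with nentries=0, the most a log-based check can do is list those searches, with the bind DN of the connection, as candidates to verify with Get Effective Rights. The following is an added example, not part of the original thread; the BIND lines, the uid=alice DN and the conn=43 search are constructed sample data.

```python
import re

# Constructed sample: the SRCH/RESULT pair for conn=42 op=81 is quoted from the
# thread; the BIND lines, the uid=alice DN and the conn=43 search are invented.
SAMPLE_LOG = '''\
[07/Jul/2008:11:08:30 -0400] conn=42 op=0 BIND dn="uid=alice,ou=people,dc=example,dc=com" method=128 version=3
[07/Jul/2008:11:08:30 -0400] conn=42 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=alice,ou=people,dc=example,dc=com"
[07/Jul/2008:11:08:37 -0400] conn=42 op=81 SRCH base="ou=sandbox,ou=my_test,dc=example,dc=com" scope=1 filter="(objectClass=*)" attrs="objectClass javaClassName"
[07/Jul/2008:11:08:37 -0400] conn=42 op=81 RESULT err=0 tag=101 nentries=0 etime=0
[07/Jul/2008:11:09:02 -0400] conn=43 op=1 SRCH base="ou=people,dc=example,dc=com" scope=2 filter="(uid=bob)" attrs=ALL
[07/Jul/2008:11:09:02 -0400] conn=43 op=1 RESULT err=0 tag=101 nentries=1 etime=0
'''

LINE = re.compile(r'^\[(?P<ts>[^\]]+)\] conn=(?P<conn>\d+) op=(?P<op>-?\d+) '
                  r'(?P<verb>[A-Z]+)\s*(?P<rest>.*)$')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')  # key=value or key="quoted value"


def empty_searches(log_text):
    """Successful searches that returned no entries: candidates, not proven denials."""
    bind_dn, pending_bind, pending_srch, hits = {}, {}, {}, []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # connection open/close lines and anything unparseable
        key = (m['conn'], m['op'])  # a RESULT line shares conn/op with its request
        f = {k: v.strip('"') for k, v in FIELD.findall(m['rest'])}
        if m['verb'] == 'BIND':
            pending_bind[key] = f.get('dn', '')
        elif m['verb'] == 'SRCH':
            pending_srch[key] = {'ts': m['ts'], 'conn': m['conn'], 'op': m['op'],
                                 'base': f.get('base'), 'filter': f.get('filter')}
        elif m['verb'] == 'RESULT' and key in pending_bind:
            dn = pending_bind.pop(key)
            # RFC 4511: a failed bind leaves the connection anonymous
            bind_dn[m['conn']] = dn if f.get('err') == '0' else ''
        elif m['verb'] == 'RESULT' and key in pending_srch:
            srch = pending_srch.pop(key)
            if f.get('err') == '0' and f.get('nentries') == '0':
                srch['bind_dn'] = bind_dn.get(m['conn']) or '(anonymous or bind not in log)'
                hits.append(srch)
    return hits


if __name__ == '__main__':
    for s in empty_searches(SAMPLE_LOG):
        print(s['ts'], s['bind_dn'], s['base'], s['filter'])
```

A search that genuinely matched nothing produces the same two log lines, so each hit still has to be checked against the ACIs for that bind DN and base.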



 
Old 07-14-2008, 03:19 PM
"Chun Tat David Chu"
 
Question on monitoring authorization

Rich,

Thanks for the information.

David

 
