ldapaudit_client is a tool that dumps events to the screen.
This page shows how to dump LDAP events from eDirectory to the console using ldapaudit_client.
Let's start with the basics: what LDAP events are.
LDAP events is an event system inside eDirectory's nldap module. It reports all the actions performed on that eDirectory server over the LDAP port.
An LDAP event monitoring client gets events from the event system in these steps:
- Make a list of all the events you want to monitor on the eDirectory server.
- Bind to eDirectory over the LDAP port.
- Register the list of events you want to monitor.
- Get the generated event data from the server by polling.
- Once you have enough event data, the client unbinds from the directory and exits.
That's enough with the theory, let's get this done practically.
Follow the steps below to perform LDAP monitoring on any eDirectory server (starting from 883 server):
Requirements: a downloaded copy of the tool and a Linux box.
- Create a directory ldap_events and change to it.
- Extract the tar.gz into this directory.
- Inside the bin directory you can see ldapaudit_client and the lib folder.
- Add the path of lib/ldapsdk to your LD_LIBRARY_PATH and export it. (If you already have a cldap SDK installed, point LD_LIBRARY_PATH to the lib folder of that cldap SDK instead.)
- Execute ./ldapaudit_client without arguments to see the usage.
Usage: ldapaudit_client <hostname> <port number> <login dn> <password> <duration_in_minutes> <EventType> [<EventType>...]
Example: ldapaudit_client Acme.com 389 cn=admin,o=Acme secret 3 EVT_LDAP_BIND EVT_LDAP_SEARCH ..;
- Follow the usage, register for the events of interest, and enjoy monitoring.
The available events are:
Note: For automation, there is another client, ldapaudit_client_test, in the same bin folder. Its usage is:
Usage: ldapaudit_client <hostname> <port number> <login dn> <password> <duration_in_minutes> <pipe_file_name> <EventType> [<EventType>...]
Example: ldapaudit_client Acme.com 389 cn=admin,o=Acme secret 3 ./my_named_pipe EVT_LDAP_BIND EVT_LDAP_SEARCH ..;
This client writes each event's data as a single line to the text file or named pipe specified on the command line. The fields are separated by a '|' character.
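One way to consume that output on the monitoring side, as an added example that is not part of the original article or the tool: a Python reader that splits each line on '|' and counts events per type. It assumes the event name (EVT_LDAP_...) appears as one of the fields; the sample lines and their field layout are constructed, since the page does not document the layout.

```python
"""Summarize '|'-separated event lines written by the automation client."""
import sys
from collections import Counter

EVENT_PREFIX = "EVT_LDAP_"  # event names as given on the client's command line

def parse_line(line):
    """Split one output line into stripped fields; return None for blank lines."""
    line = line.rstrip("\r\n")
    if not line.strip():
        return None
    return [field.strip() for field in line.split("|")]

def event_type(fields):
    """Return the first field that looks like an event name, else None.
    Assumption: the event name is present as a field in each line."""
    for field in fields:
        if field.startswith(EVENT_PREFIX):
            return field
    return None

def summarize(lines):
    """Count events per type and keep lines that carry no event name."""
    counts, unparsed = Counter(), []
    for raw in lines:
        fields = parse_line(raw)
        if fields is None:
            continue
        etype = event_type(fields)
        if etype is None:
            unparsed.append(raw.rstrip("\r\n"))  # keep for manual review
        else:
            counts[etype] += 1
    return counts, unparsed

# Constructed sample lines (hypothetical layout: event|dn|address|result).
SAMPLE = [
    "EVT_LDAP_BIND|cn=admin,o=Acme|192.0.2.10|0\n",
    "EVT_LDAP_SEARCH|cn=admin,o=Acme|192.0.2.10|0\n",
    "\n",
    "EVT_LDAP_BIND|cn=jdoe,o=Acme|192.0.2.44|49\n",
    "garbage line without separators\n",
]

if __name__ == "__main__":
    # With a path argument, read the text file or named pipe; opening a pipe
    # blocks until the client opens it, and reading ends when the client exits.
    source = open(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE
    counts, unparsed = summarize(source)
    for name, n in counts.most_common():
        print(f"{n:6d}  {name}")
    print(f"{len(unparsed):6d}  lines without an event name", file=sys.stderr)
```

Run it with the pipe file name given to the client (for example ./my_named_pipe); without an argument it summarizes the constructed sample.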
Disclaimer: As with everything else at Cool Solutions, this content is definitely not supported by Novell (so don't even think of calling Support if you try something and it blows up).
It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test, test, test before you do anything drastic with it.