Role management events may also be classified in terms of data items, but role management is key to systems that manage identity, so these events were also given their own category within the XDASv2 taxonomy.
Table 5-9 Role Management Event Taxonomy

Event Name | Event Identifier | Corresponding eDir Event | Description | Use |
---|---|---|---|---|
Create Role | 0.0.8.0 | DSE_CREATE_ENTRY, DSE_LDAP_ADD, DSE_LDAP_ADDRESPONSE, DSE_NAME_COLLISION, DSE_ADD_ENTRY | Create a new role | A new role is created, or an attempt is made to create a new role. |
Delete Role | 0.0.8.1 | DSE_DELETE_ENTRY, DSE_DELETE_VALUE, DSE_LDAP_DELETE, DSE_LDAP_DELETERESPONSE, DSE_MOVE_SOURCE_ENTRY, DSE_REMOVE_ENTRY | Delete an existing role | An existing role is deleted, or an attempt is made to delete an existing role. |
Modify Role | 0.0.8.5 | DSE_ADD_VALUE, DSE_DELETE_ATTRIBUTE, DSE_DELETE_VALUE, DSE_LDAP_MODIFY, DSE_LDAP_MODIFYRESPONSE, DSE_MERGE_ENTRIES, DSE_MODIFY_ENTRY, DSE_MODIFY_RDN, DSE_RENAME_ENTRY | Modify a role attribute | Role attributes are modified, or an attempt is made to modify role attributes. |
Query Role | 0.0.8.4 | DSE_LDAP_SEARCH, DSE_LDAP_COMPARE | Query role attributes | Role attributes are queried, or an attempt is made to query role attributes. |

The following sections include examples for role management events.
Click Create Role to generate an event when a new role is created or an attempt is made to create a new role, as shown in the following example:
Jan 08 10:18:34 eDirectory : INFO {"Source" : "eDirectory#DS","Observer" : {"Account" : {"Domain" : "MYTREE","Name" : "CN=SRV1,O=mycom"},"Entity" : {"SysAddr" : "100.1.2.164","SysName" : "SLES11-SP2-164"}},"Initiator" : {"Account" : {"Name" : "CN=admin,O=mycom","Id" : "32809"},"Entity" : {"SysAddr" : "164.99.136.142:40645"}},"Target" : {"Data" : {"Name" : "dc=LDAPValidate"}},"Action" : {"Event" : {"Id" : "0.0.8.0","Name" : "CREATE_ROLE","CorrelationID" : "eDirectory#41#4477577d-b132-4d62-9e89-7d57774432b1","SubEvent" : "DSE_ADD_ENTRY"},"Time" : {"Offset" : 1389847714},"Log" : {"Severity" : 7},"Outcome" : "0","ExtendedOutcome" : "0"}}
Click Delete Role to generate an event when an existing role is deleted or an attempt is made to delete an existing role, as shown in the following example:
Jan 08 10:18:35 eDirectory : INFO {"Source" : "eDirectory#DS","Observer" : {"Account" : {"Domain" : "MYTREE","Name" : "CN=SRV1,O=mycom"},"Entity" : {"SysAddr" : "100.1.2.164","SysName" : "SLES11-SP2-164"}},"Initiator" : {"Account" : {"Name" : "CN=admin,O=mycom","Id" : "32809"},"Entity" : {"SysAddr" : "164.99.136.142:40645"}},"Target" : {"Data" : {"ClassName" : "User","Name" : "CN=NewTest User1,dc=LDAPValidate","newRDN" : "á°¸à¶\u0092"}},"Action" : {"Event" : {"Id" : "0.0.8.1","Name" : "DELETE_ROLE","CorrelationID" : "eDirectory#41#7ba31085-4e90-47fd-0aa6-8510a37b904e","SubEvent" : "DSE_MOVE_SOURCE_ENTRY"},"Time" : {"Offset" : 1389847715},"Log" : {"Severity" : 7},"Outcome" : "0","ExtendedOutcome" : "0"}}
Click Modify Role to generate an event when role attributes are modified or an attempt is made to modify role attributes, as shown in the following example:
Jan 08 10:20:23 eDirectory : INFO {"Source" : "eDirectory#DS","Observer" : {"Account" : {"Domain" : "MYTREE","Name" : "CN=SRV1,O=mycom"},"Entity" : {"SysAddr" : "100.1.2.164","SysName" : "SLES11-SP2-164"}},"Initiator" : {"Account" : {"Name" : "CN=SLES11-SP2-164,O=mycom","Id" : "32833"},"Entity" : {"SysAddr" : "100.1.2.164:39570"}},"Target" : {"Data" : {"Attribute Name" : "Convergence","ClassName" : "domain","Name" : "dc=Events","Syntax" : "8"}},"Action" : {"Event" : {"Id" : "0.0.8.5","Name" : "MODIFY_ROLE","CorrelationID" : "eDirectory#21#e01904e8-b3b2-4012-3c98-e80419e0b2b3","SubEvent" : "DSE_DELETE_ATTRIBUTE"},"Time" : {"Offset" : 1389847823},"Log" : {"Severity" : 7},"Outcome" : "0","ExtendedOutcome" : "0"}}
Click Query Role to generate an event when role attributes are queried or an attempt is made to query role attributes, as shown in the following example:
Jan 08 10:19:35 eDirectory : INFO {"Source" : "eDirectory#LDAP","Observer" : {"Account" : {"Domain" : "MYTREE","Name" : "CN=SRV1,O=mycom"},"Entity" : {"SysAddr" : "100.1.2.164","SysName" : "SLES11-SP2-164"}},"Initiator" : {"Account" : {"Name" : "cn=admin,o=mycom"},"Entity" : {"SysAddr" : "164.99.136.142:42181"},"Assertions" : {"msgID" : "14","netAddress" : "164.99.136.142:50596","operationTime" : "01/16/14 10:19:34"}},"Target" : {"Data" : {"Data" : ", search filter: (objectclass=inetOrgPerson)","DataLen" : "44","Name" : "cn=Test User1,dc=LDAPValidate","connection" : "231405696","searchScope" : "base"}},"Action" : {"Event" : {"Id" : "0.0.8.4","Name" : "QUERY_ROLE","CorrelationID" : "eDirectory#4294967295#","SubEvent" : "DSE_LDAP_SEARCH"},"Time" : {"Offset" : 1389847775},"Log" : {"Severity" : 7},"Outcome" : "0","ExtendedOutcome" : "0"}}