Overview

In many LDAP Server Implementations, especially those based on SLAPD, the access log provides a mechanism for keeping track of every operation processed by the server, including every request received and every response returned. It may also be used to obtain information about the internal operations performed within the server.

The typical default access log implementation writes information to a log file with two records per operation. The first record reflects the request received from the client, and the second provides information about the result of the operation processing.

Typical messages share a common set of elements:

  • The time that the message was logged.
  • The type of operation being processed.
  • The connection ID of the client connection that requested the operation.
  • The operation ID of the operation on that client connection.
  • The message ID of the LDAP Message used to request the operation.

For Abandon Request, request log messages include the message ID of the message to abandon. There is no response to an abandon operation, but the server will nevertheless log a result message indicating whether the abandon was successful and the processing time in milliseconds.

For Add Request, request log messages include the DN of the entry to add. The response log message may include the result code, diagnostic message, matched DN, the authorization ID for the operation, and the processing time in milliseconds.

For Bind Request, request log messages include the authentication type (either "SIMPLE" or "SASL" followed by the mechanism name) and the bind DN. The response log message may include the result code, diagnostic message, matched DN, authentication ID, authorization ID, and processing time in milliseconds.

For Compare Request, request log messages include the target entry DN and the attribute type. The response log message may include the result code, diagnostic message, matched DN, authorization ID, and the processing time in milliseconds.

For Delete Request, request log messages include the target entry DN. The response log message may include the result code, diagnostic message, matched DN, authorization ID, and the processing time in milliseconds.

For Extended Request, request log messages include the OID for the extended request. The response log message may include the OID of the extended response, the result code, diagnostic message, matched DN, and the processing time in milliseconds.

For Modify Request, request log messages include the target entry DN. The response log message may include the result code, diagnostic message, matched DN, authorization ID, and the processing time in milliseconds.

For ModifyDNRequest, request log messages include the target entry DN, the new RDN, a flag indicating whether to delete the old RDN values, and the new superior DN. The response log message may include the result code, diagnostic message, matched DN, authorization ID, and the processing time in milliseconds.

For Search Request, request log messages include the BaseDN, LDAP Search Scope, LDAP SearchFilter, and Attribute Selection. The response log message may include the result code, number of entries returned, diagnostic message, matched DN, authorization ID, and the processing time in milliseconds.

For Unbind Request, the request message will simply indicate that an unbind request has been received. There is no response to an Unbind Request, and no result log message.
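The request/result pairing described above, as an added example that is not part of the original page: it joins the two records of each operation on connection ID and operation ID, then lists failed binds and requests that never received a result record. The line layout, field names and sample lines are constructed assumptions, not any particular server's exact format.

```python
import re

# Constructed sample. The layout (timestamp, operation, REQ/RES, key=value
# fields) is an assumption for illustration, not one server's exact format.
SAMPLE_LOG = '''\
[16/Apr/2016:13:30:01 +0000] BIND REQ conn=7 op=0 msgID=1 type=SIMPLE dn="uid=alice,ou=People,dc=example,dc=com"
[16/Apr/2016:13:30:01 +0000] BIND RES conn=7 op=0 msgID=1 result=49 message="Invalid credentials" etime=3
[16/Apr/2016:13:30:02 +0000] BIND REQ conn=7 op=1 msgID=2 type=SIMPLE dn="uid=alice,ou=People,dc=example,dc=com"
[16/Apr/2016:13:30:02 +0000] BIND RES conn=7 op=1 msgID=2 result=0 etime=2
[16/Apr/2016:13:30:05 +0000] UNBIND REQ conn=7 op=2 msgID=3
[16/Apr/2016:13:30:06 +0000] MODIFY REQ conn=8 op=0 msgID=1 dn="uid=bob,ou=People,dc=example,dc=com"
'''

LINE_RE = re.compile(r'^\[(?P<time>[^\]]+)\] (?P<operation>[A-Z]+) (?P<kind>REQ|RES)(?P<rest>.*)$')
FIELD_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')

def parse_line(line):
    m = LINE_RE.match(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m['rest'])}
    return dict(m.groupdict(), fields=fields)

def correlate(text):
    """Pair request and result records on (connection ID, operation ID)."""
    pending, paired = {}, []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        key = (rec['fields'].get('conn'), rec['fields'].get('op'))
        if rec['kind'] == 'RES':
            if key in pending:
                paired.append((pending.pop(key), rec))
        elif rec['operation'] == 'UNBIND':
            paired.append((rec, None))      # Unbind never gets a result record
        else:
            pending[key] = rec
    return paired, list(pending.values())   # second item: requests with no result

def failed_binds(paired):
    """Bind DN comes from the request record, the result code from the result record."""
    ok = {'0', '14'}  # success; saslBindInProgress (one step of a multi-step SASL bind)
    return [(q['fields']['conn'], q['fields'].get('dn'), r['fields'].get('result')) for q, r in paired
            if q['operation'] == 'BIND' and r and r['fields'].get('result') not in ok]

if __name__ == '__main__':
    paired, unanswered = correlate(SAMPLE_LOG)
    print(failed_binds(paired), [u['fields'] for u in unanswered])
```

A request left in the second return value either was still in flight when the log was read or lost its result record, so it is worth checking against log rotation boundaries before treating it as an anomaly.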

This page (revision-28) was last changed on 16-Apr-2016 13:32 by jim