Re: Bind DN not logged with GSSAPI binds (ITS#2283)
At 06:07 PM 1/21/2003, quanah@stanford.edu wrote:
>Full_Name: Quanah Gibson-Mount
>Version: 2.1.10
>OS: Solaris 8
>URL: ftp://ftp.openldap.org/incoming/
>Submission from: (NULL) (171.66.182.82)
>
>
>Hello,
>
>In the past (due to a previous request, as I recall), openldap would log the
>BIND dn of a person making a GSSAPI connection at loglevel 256.

The authorization DN (which is not necessarily the bind DN) is
logged both at 256 (STATS) and at 1 (TRACE). The message is
labeled "AUTHZ" in 2.1.12 but will be labeled "BIND" in the next
release (for consistency with other messages).

>It correctly
>logs the authcid and the authzid now, but the resulting BIND dn (in the case of
>group memberships) is not being logged.

authzid is the authorization DN used for ACLs, etc.

>It is important to know to what BIND DN
>these two bits of information were eventually resolved to.

A recent software message shows logging is working.
http://www.openldap.org/lists/openldap-software/200301/msg00546.html