LDAP Monitoring Using ldapaudit_client for Testing



By: hemanthg

April 30, 2009 12:47 pm


License:
Free

Download ldap_events.tar.gz

ldapaudit_client is a tool that dumps LDAP events to the screen.

This page shows how to dump LDAP events from eDirectory onto the console using ldapaudit_client.

Let’s start with the basics: what LDAP events are.

LDAP events is an event system inside eDirectory’s nldap module. It reports all the actions performed on that eDirectory server over the LDAP port.

An LDAP event monitoring client gets events from the event system in these steps:

  1. Make a list of all the events you want to monitor on the eDirectory server.
  2. Bind to eDirectory over the LDAP port.
  3. Register the list of events you want to monitor.
  4. Get the generated event data from the server by polling.
  5. Once the client has collected enough event data, it unbinds from the directory and exits.

That’s enough with the theory, let’s get this done practically.

Follow the steps below to perform LDAP monitoring on any eDirectory server (starting from 883 server):

Requirements: the downloaded copy of the tool and a Linux box.

  • Create a directory named ldap_events and change to it.
  • Extract the tar.gz into this directory.
  • Inside the bin directory you will see ldapaudit_client and a lib folder.
  • Add lib/ldapsdk to your LD_LIBRARY_PATH. (If you already have a cldap sdk installed, point LD_LIBRARY_PATH to the lib folder of the cldapsdk instead.)
  • Execute ./ldapaudit_client to see the usage:
    Usage: ldapaudit_client <hostname> <port number> <login dn> <password> <duration_in_minutes> <EventType> [<EventType>...]

    Example: ldapaudit_client Acme.com 389 cn=admin,o=Acme secret 3 EVT_LDAP_BIND EVT_LDAP_SEARCH ..;
  • Following the usage, register for the events that interest you and enjoy monitoring.

The available events are:

   1. EVT_LDAP_BIND
   2. EVT_LDAP_BINDRESPONSE
   3. EVT_LDAP_UNBIND
   4. EVT_LDAP_CONNECTION
   5. EVT_LDAP_SEARCH
   6. EVT_LDAP_SEARCHRESPONSE
   7. EVT_LDAP_SEARCHENTRYRESPONSE
   8. EVT_LDAP_ADD
   9. EVT_LDAP_ADDRESPONSE
  10. EVT_LDAP_COMPARE
  11. EVT_LDAP_COMPARERESPONSE
  12. EVT_LDAP_MODIFY
  13. EVT_LDAP_MODIFYRESPONSE
  14. EVT_LDAP_DELETE
  15. EVT_LDAP_DELETERESPONSE
  16. EVT_LDAP_MODDN
  17. EVT_LDAP_MODDNRESPONSE
  18. EVT_LDAP_ABANDON
  19. EVT_LDAP_EXTOP
  20. EVT_LDAP_SYSEXTOP
  21. EVT_LDAP_EXTOP_RESPONSE
  22. EVT_LDAP_MODLDAPSERVER
  23. EVT_LDAP_PASSWORDMODIFY
  24. EVT_LDAP_UNKNOWNOP

Note: For automation, there is another client, ldapaudit_client_test, in the same bin folder. Its usage is:

Usage: ldapaudit_client <hostname> <port number> <login dn> <password> <duration_in_minutes> <pipe_file_name> <EventType> [<EventType>...]

Example: ldapaudit_client Acme.com 389 cn=admin,o=Acme secret 3 ./my_named_pipe EVT_LDAP_BIND EVT_LDAP_SEARCH ..;

This client writes each event’s data as a single line to the text or pipe file specified on the command line. The fields are separated by a ‘|’ character.
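
One way to consume that output for automation, as an added example that is not part of the original article or the downloaded tool: it tallies and filters events by matching whole fields against the event names listed above, because the field order is not documented here. The function names, the sample lines, the LDAP_PASSWORD variable and the idea that the client writes to an already existing FIFO are assumptions of this example.

```shell
#!/bin/sh
# Added example (not part of the downloaded tool). The page does not document
# the field order, so fields are matched whole against the event names.

# Constructed sample lines; the layout around the event name is made up.
sample_lines() {
    cat <<'EOF'
1001|EVT_LDAP_BIND|cn=admin,o=Acme
1002|EVT_LDAP_BINDRESPONSE|0
1003|EVT_LDAP_SEARCH|o=Acme
1004|EVT_LDAP_PASSWORDMODIFY|cn=jdoe,o=Acme
1005|EVT_LDAP_SEARCH|o=Acme
EOF
}

# tally_events FILE: print "COUNT EVENT" per event type, most frequent first.
tally_events() {
    awk -F'|' '
        { for (i = 1; i <= NF; i++)
              if ($i ~ /^EVT_LDAP_[A-Z_]+$/) { count[$i]++; break } }
        END { for (e in count) print count[e], e }
    ' "$1" | LC_ALL=C sort -t' ' -k1,1nr -k2,2
}

# filter_events FILE EVENT...: print lines whose event field equals one of
# EVENT. Whole-field comparison keeps EVT_LDAP_BIND from also matching
# EVT_LDAP_BINDRESPONSE, which a substring grep would do.
filter_events() {
    file=$1; shift
    awk -F'|' -v want="$*" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) keep[w[i]] = 1 }
        { for (i = 1; i <= NF; i++) if ($i in keep) { print; break } }
    ' "$file"
}

# monitor HOST PORT DN MINUTES EVENT...: run the client against a private FIFO.
# Assumes ldapaudit_client_test opens an existing FIFO for writing. The password
# comes from $LDAP_PASSWORD to stay out of shell history; the tool still takes
# it as an argument, so it is visible in the process list while the client runs.
monitor() {
    : "${LDAP_PASSWORD:?set LDAP_PASSWORD first}"
    host=$1 port=$2 dn=$3 minutes=$4; shift 4
    dir=$(mktemp -d) || return 1        # private 0700 directory
    mkfifo -m 600 "$dir/events" || return 1
    ./ldapaudit_client_test "$host" "$port" "$dn" "$LDAP_PASSWORD" \
        "$minutes" "$dir/events" "$@" &
    tally_events "$dir/events"          # returns when the client closes the pipe
    wait
    rm -rf "$dir"
}
```

Swapping `tally_events` for `filter_events "$dir/events" EVT_LDAP_PASSWORDMODIFY EVT_LDAP_MODLDAPSERVER` inside `monitor` prints only those events as they arrive.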

Categories: Cool Tools, eDirectory

Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment.  It just worked for at least one person, and perhaps it will be useful for you too.  Be sure to test in a non-production environment.

1 Comment

  1. By:soan

    How about making this Open Source?
