License:
Free

Download MonitorClient.zip

From eDirectory 8.8 SP3, eDirectory supports the monitoring of LDAP events as an LDAP extension. LDAP Events will give the LDAP specific details like the client IP address, LDAP result code, LDAP message ID etc along with the basing information for every LDAP operation happening in the server.

This cool solution will give the details of every LDAP Event on what it does and what data it returns. Also this article enables users to monitor all the LDAP operations happening against any eDirectory Server through a cool tool written in C using the Novell C LDAP SDK.

LDAP EVENTS:

The following table will give the list of LDAP events that are supported by eDirectory (from version 8.8 SP3) and describes what each of them do.

Event Description
EVT_LDAP_BIND Bind operation has happened in the ldap server.
EVT_LDAP_UNBIND Unbind operation has happened in the ldap server.
EVT_LDAP_CONNECTION Connection operation has happened in the ldap server.
EVT_LDAP_SEARCH LDAP Search operation has happened in the ldap server.
EVT_LDAP_SEARCHENTRYRESPONSE Entry of Search operation has been returned from the ldap server.
EVT_LDAP_ADD Add operation has happened in the ldap server.
EVT_LDAP_MODIFY Modify operation has happened in the ldap server.
EVT_LDAP_DELETE Delete operation has happened in the ldap server.
EVT_LDAP_COMPARE Compare operation has happened in the ldap server.
EVT_LDAP_MODDN Modify DN operation has happened in the ldap server.
EVT_LDAP_ABANDON Abandon operation has happened in the ldap server.
EVT_LDAP_EXTOP Extended operation has happened in the ldap server.
EVT_LDAP_SYSEXTOP System extended operation has happened in the ldap server.
EVT_LDAP_MODLDAPSERVER Modification of the ldap server object has happened.
EVT_LDAP_PASSWARDMODIFYTYPE Password Modify operation has happened in the ldap server.
EVT_LDAP_UNKNOWNOP Some unknown LDAP operation has happened in the ldap server.
EVT_LDAP_BINDRESPONSE Bind Response Event has been caused by the LDAP Bind Operation.
EVT_LDAP_SEARCHRESPONSE Search Response Event has been caused by the LDAP Search Operation.
EVT_LDAP_ADDRESPONSE Add Response Event has been caused by the LDAP Add Operation.
EVT_LDAP_COMPARERESPONSE Compare Response Event has been caused by the LDAP Compare Operation.
EVT_LDAP_MODIFYRESPONSE Modify Response Event has been caused by the LDAP Modify Operation.
EVT_LDAP_DELETERESPONSE Delete Response Event has been caused by the LDAP Delete Operation.
EVT_LDAP_MODDNRESPONSE Modify DN Response Event has been caused by the LDAP Modify DN Operation.
EVT_LDAP_EXTOP_RESPONSE Signals the occurrence of the Response Event caused by the Extension Operation.

The following table gives the the list of LDAP events and the data returned by each event when the corresponding operation happens:

LDAP Event(s) Data Returned by the event(s)
EVT_LDAP_BIND and
EVT_LDAP_UNBIND
  • Connection Data
  • LDAP Message ID
  • Operation Time
  • Authorization DN
  • Type of the Bind
  • Authorization Mechanism
  • Control OIDs, if any
  • LDAP Result Code
EVT_LDAP_CONNECTION
  • Connection Data:
  • Connection Id
  • Connection Time
  • Client IP Address and Port
EVT_LDAP_SEARCH
  • Connection Data
  • LDAP Message ID
  • Operation Time
  • Authorization DN
  • Search Base
  • Search Scope
  • Search Filter
  • Requested Search attributes
  • Control OIDs, if any
  • LDAP Result Code
EVT_LDAP_SEARCHENTRYRESPONSE
  • Connection Data
  • LDAP Message ID
  • Operation Time
  • DN of the entry being returned
  • Object class name of the entry
  • Attributes list of the entry
  • Authorization Mechanism
  • LDAP Result Code
EVT_LDAP_ADD,
EVT_LDAP_MODIFY and
EVT_DELETE
  • Connection Data
  • LDAP Message ID
  • Operation Time
  • Authorization DN
  • DN of the entry being operated on
  • Object class name of the entry
  • Control OIDs, if any
  • LDAP Result Code
EVT_LDAP_COMPARE
  • Connection Data
  • LDAP Message ID
  • Operation Time
  • Authorization DN
  • DN of the entry being compared
  • Assertion Type
  • Assertion Value, if any
  • Object Class name of the entry
  • LDAP Result Code
EVT_LDAP_MODDN
  • Connection Data
  • LDAP Message ID
  • Operation Time
  • Authorization DN
  • Old RDN of the entry being modified
  • New RDN of the entry being modified
  • Object class name of the entry
  • Control OIDs, if any
  • LDAP Result Code
EVT_LDAP_ABANDON
  • Connection Data
  • LDAP Message ID
  • Operation Time
  • Operation ID
  • Authorization DN
  • LDAP Result Code
EVT_LDAP_EXTOP
  • Connection Data
  • LDAP Message ID
  • Operation Time
  • Operation ID
  • Extension OID
  • Authorization DN
  • LDAP Result Code
EVT_LDAP_SYSEXTOP
  • Connection Data
  • LDAP Message ID
  • Operation Time
  • Operation ID
  • System Extension OID
  • Authorization DN
  • Any other data associated with
  • LDAP Result Code
EVT_LDAP_MODLDAPSERVER
  • No data associated. Just a notification will be sent.
EVT_LDAP_PASSWARDMODIFYTYPE
  • Connection Data
  • LDAP Message ID
  • Operation Time
  • Authorization DN
  • DN of the entry being operated on
  • Password Modification Type
  • LDAP Result Code
EVT_LDAP_UNKNOWNOP
  • Time
  • Client IP Address and port
EVT_LDAP_BINDRESPONSE,
EVT_LDAP_SEARCHRESPONSE,
EVT_LDAP_ADDRESPONSE,
EVT_LDAP_COMPARERESPONSE,
EVT_LDAP_MODIFYRESPONSE,
EVT_LDAP_DELETERESPONSE,
EVT_LDAP_MODDNRESPONSE and
EVT_LDAP_EXTOP_RESPONSE
  • Connection Data
  • LDAP Message ID
  • Operation Time
  • LDAP Result Code
  • Matched DN, in case of error
  • Referral Data

Cool Tool to monitor LDAP Events:

Usage:

MonitorClient.exe <eDirectory Server IP/host name> <ldap port number> <authorization dn> <password> <time to monitor in seconds>

Run this application through one client. This will monitor the eDirectory server for the number of seconds specified as the parameter and report all the LDAP events happening at the eDirectory server sequentially in order.

Supported Platform: Linux 32-bit

Example:

MonitorClient.exe acme.com 389 cn=admin,o=org secret 300

This will monitor the eDirectory server acme.com for the LDAP events happening 5 minutes (300 seconds).

Screen Shot of the data being shown:

8689-1

Note: This tool will give only the partial data of the LDAP events.

Users can write their own custom application for monitoring the events through the Novell’s LDAP SDK “LDAP Libraries for C”.

More details can be found at: http://developer.novell.com/wiki/index.php/LDAP_Libraries_for_C

1 vote, average: 5.00 out of 51 vote, average: 5.00 out of 51 vote, average: 5.00 out of 51 vote, average: 5.00 out of 51 vote, average: 5.00 out of 5 (1 votes, average: 5.00 out of 5)
You need to be a registered member to rate this post.
Loading...Loading...
Categories: Cool Tools, eDirectory

Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment.  It just worked for at least one person, and perhaps it will be useful for you too.  Be sure to test in a non-production environment.

Leave a Reply

No Comments
Jul 20, 2009
4:00 pm
Reads:
2,320
Score:
5