Auditing is one of the primary functionalities that an administrator will be interested in when evaluating a directory. The eDirectory event mechanism facilitates eDirectory auditing. Because the applications are largely adopting the LDAP protocol for accessing directories, the requirement of auditing LDAP operations is becoming prevalent.
This chapter consists of the following sections:
This event mechanism was noticeably absent in the existing eDirectory LDAP server that could not provide sufficient LDAP information. Though NDS event system produced events for all eDirectory operations, most of this information was insufficient or irrelevant for an application to audit the LDAP server. Information that covers protocol and bind details, network address, authentication methods, authentication types, LDAP search and transaction details, and so on, that is vital for auditing an LDAP server, was not available with the NDS events. Applications developers found it difficult to write to LDAP audit applications based on these events
Because LDAP is an important interface of eDirectory, to provide a mechanism for applications to audit eDirectory LDAP server, a new LDAP event subsystem is introduced in NetIQ eDirectory 8.8 SP3 version. This subsystem generates LDAP specific events with all the relevant information for an application to audit an LDAP server. This is known as LDAP Auditing.
LDAP Auditing enables the applications to monitor/audit LDAP operations such as Add, Modify, Search, and so on, and fetches useful information from the LDAP server such as the connection information, the client IP to which the server was connected at the time of LDAP operation, the message ID, the result code of the operation, and so on.
LDAP Auditing can be exercised through the NDK LDAP Libraries for C, that provides the client side interface for this feature through new LDAP structures and events.