5.6 Trust Management Events

Trust Management events relate to the trust association of a user or an identity with a group, or the trust association of two users in a domain-specific context. Examples include adding an LDAP user to a group, or associating two users for a domain-specific purpose in an application's identity association database. These events also relate to the association of identities within disparate authentication domains for federation purposes.

For example, when an identity in Domain A makes a request to a service governed by Domain B, an association of trust is required between the two domains. This is called a trust relationship. You set up a trust relationship by establishing an identity in Domain B, which is used as a proxy for any request coming from any identity in Domain A. Trust relationships can be much more complex, however: individual identities in Domain A can have individual associations with specific Domain B identities.

Table 5-6 Trust Management Events Taxonomy

| Event Name | Event Identifier | Corresponding eDir Event | Description | Use |
|---|---|---|---|---|
| Associate Trust | 0.0.1.2 | DSE_ADD_MEMBER, DSE_ADD_VALUE | An association of an account with the trust which confers trust permissions to the user. | This event is reported when a new trust association is created. |
| De-Associate Trust | 0.0.1.4 | DSE_DELETE_MEMBER, DSE_DELETE_VALUE | Disassociation of an account with a trust. | This event is reported when an existing trust association is destroyed. |

5.6.1 Examples for Trust Management Events

The following sections include examples for trust management events.

Associate Trust

Click Associate Trust to generate an event when a new trust association is created, as shown in the following example:

Apr 25 15:06:49 eDirectory : INFO {"Source" : "eDirectory#DS","Observer" : {"Account" : {"Domain" : "AUDITTREE","Name" : "CN=paradigm1,O=novell"},"Entity" : {"SysAddr" : "164.99.90.123","SysName" : "paradigm1"}},"Initiator" : {"Account" : {"Name" : "CN=admin,O=novell","Id" : "32870"},"Entity" : {"SysAddr" : "164.99.90.123:34745"}},"Target" : {"Data" : {"Attribute Name" : "Member","Attribute Value" : "CN=user1,O=novell","ClassName" : "dynamicGroup","Name" : "CN=mygroup,O=novell","Syntax" : "1"}},"Action" : {"Event" : {"Id" : "0.0.1.2","Name" : "ASSOCIATE_TRUST","CorrelationID" : "eDirectory#30#7f2e38a0-36f2-43a9-9d8f-a0382e7ff236","SubEvent" : "DSE_ADD_VALUE"},"Time" : {"Offset" : 1461577009},"Log" : {"Severity" : 7},"Outcome" : "0","ExtendedOutcome" : "0"}}

De-Associate Trust

Click De-Associate Trust to generate an event when an existing trust association is destroyed, as shown in the following example:

Jan 08 10:18:14 eDirectory : INFO {"Source" : "eDirectory#DS","Observer" : {"Account" : {"Domain" : "MYTREE","Name" : "CN=SRV1,O=mycom"},"Entity" : {"SysAddr" : "100.1.2.164","SysName" : "SLES11-SP2-164"}},"Initiator" : {"Account" : {"Name" : "CN=admin,O=mycom","Id" : "32809"},"Entity" : {"SysAddr" : "100.1.2.3:37573"}},"Target" : {"Data" : {"Attribute Name" : "Group Membership","Attribute Value" : "CN=mygroup,O=novell","ClassName" : "User","Name" : "CN=user1,O=novell","Syntax" : "1"}},"Action" : {"Event" : {"Id" : "0.0.1.4","Name" : "DEASSOCIATE_TRUST","CorrelationID" : "eDirectory#38#c92dfc98-2b8c-4116-0197-98fc2dc98c2b","SubEvent" : "DSE_DELETE_VALUE"},"Time" : {"Offset" : 1389847694},"Log" : {"Severity" : 7},"Outcome" : "0","ExtendedOutcome" : "0"}}
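
The two samples above record the membership from opposite sides: the Associate Trust event targets the group and carries the member in "Attribute Value", while the De-Associate Trust event targets the user and carries the group there. The following Python sketch is an added example, not code from the product documentation; it normalizes both shapes into one record for review or alerting. The names TrustChange, parse_trust_event and make_sample are hypothetical, the sample lines are constructed, and treating Outcome "0" as success is an assumption.

```python
import json
from typing import NamedTuple, Optional

# Event identifiers from Table 5-6.
TRUST_EVENTS = {"0.0.1.2": "associate", "0.0.1.4": "deassociate"}

class TrustChange(NamedTuple):
    action: str
    member: Optional[str]   # DN gaining or losing the membership
    group: Optional[str]    # DN of the group
    initiator: str          # DN that made the change
    succeeded: bool         # assumption: Outcome "0" means success

def parse_trust_event(line: str) -> Optional[TrustChange]:
    """Parse one log line; return None unless it is a well-formed trust event."""
    start = line.find("{")  # the JSON body follows the syslog-style prefix
    try:
        record = json.loads(line[start:]) if start >= 0 else None
        action = TRUST_EVENTS.get(record["Action"]["Event"]["Id"])
        data = record["Target"]["Data"]
        name, value = data.get("Name"), data.get("Attribute Value")
        attr = data.get("Attribute Name")
        initiator = record["Initiator"]["Account"]["Name"]
        succeeded = record["Action"]["Outcome"] == "0"
    except (ValueError, KeyError, TypeError, AttributeError):
        return None         # truncated or malformed line
    if action is None:
        return None         # not a trust management event
    if attr == "Member":              # target is the group, value is the member
        member, group = value, name
    elif attr == "Group Membership":  # target is the user, value is the group
        member, group = name, value
    else:                             # attribute not shown in the samples: keep the event
        member = group = None
    return TrustChange(action, member, group, initiator, succeeded)

# Constructed sample lines in the page's format, trimmed to the fields used.
PREFIX = "Apr 25 15:06:49 eDirectory : INFO "

def make_sample(event_id, attr, value, name):
    return PREFIX + json.dumps({
        "Initiator": {"Account": {"Name": "CN=admin,O=example"}},
        "Target": {"Data": {"Attribute Name": attr, "Attribute Value": value, "Name": name}},
        "Action": {"Event": {"Id": event_id}, "Outcome": "0"}})

ADD_LINE = make_sample("0.0.1.2", "Member", "CN=user1,O=example", "CN=mygroup,O=example")
DEL_LINE = make_sample("0.0.1.4", "Group Membership", "CN=mygroup,O=example", "CN=user1,O=example")
```

Events whose attribute is neither "Member" nor "Group Membership" are returned with an empty member and group so they can be reviewed instead of silently dropped.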