5.6 Peer Association Management Events

Peer association events are related to the association of a user or identity with a group, or the association of two users in some domain-specific context. Examples include adding an LDAP user to a group, or associating two users for a domain-specific purpose in an application's identity association database. These events are also related to the association of identities within disparate authentication domains for purposes of federation.

For example, when an identity in domain A makes a request to a service governed by domain B, then a peer association is required between these domains – often this is called a trust relationship. From an implementation perspective, setting up a trust relationship is often done by establishing an identity in domain B, which is used as a proxy for any request coming from any identity in domain A. Trust relationships can be much more complex, however, as individual identities in domain A can have individual associations with specific domain B identities.

Table 5-6 Peer Association Management Events Taxonomy

| Event Name | Event Identifier | Corresponding eDir Event | Description | Use |
|---|---|---|---|---|
| Create Peer Association | 0.0.5.0 | DSE_ADD_MEMBER | Create an association with a peer | This event is reported when a new peer association is created. |
| Terminate Peer Association | 0.0.5.1 | DSE_DELETE_MEMBER, DSE_DELETE_VALUE | Terminate an association with a peer | This event is reported when an existing peer association is destroyed. |

5.6.1 Examples for Peer Association Management Events

The following sections include examples for peer association management events.

Create Peer Association

Click Create Peer Association to generate an event when a new peer association is created, as shown in the following example:

Jan 08 10:18:14 eDirectory : INFO {"Source" : "eDirectory#DS","Observer" : {"Account" : {"Domain" : "MYTREE","Name" : "CN=SRV1,O=mycom"},"Entity" : {"SysAddr" : "100.1.2.164","SysName" : "SLES11-SP2-164"}},"Initiator" : {"Account" : {"Name" : "CN=admin,O=mycom","Id" : "32809"},"Entity" : {"SysAddr" : "100.1.2.3:37573"}},"Target" : {"Data" : {"Attribute Name" : "LDAP Screen Level","Attribute Value" : "29257","ClassName" : "LDAP Server","Name" : "CN=LDAP Server - SLES11-SP2-164,O=mycom","Syntax" : "8"}},"Action" : {"Event" : {"Id" : "0.0.5.0","Name" : "CREATE_PEER_ASSOCIATION","CorrelationID" : "eDirectory#38#c92dfc98-2b8c-4116-0197-98fc2dc98c2b","SubEvent" : "DSE_ADD_VALUE"},"Time" : {"Offset" : 1389847694},"Log" : {"Severity" : 7},"Outcome" : "0","ExtendedOutcome" : "0"}} 

Terminate Peer Association

Click Terminate Peer Association to generate an event when an existing peer association is destroyed, as shown in the following example:

Jan 08 10:18:14 eDirectory : INFO {"Source" : "eDirectory#DS","Observer" : {"Account" : {"Domain" : "MYTREE","Name" : "CN=SRV1,O=mycom"},"Entity" : {"SysAddr" : "100.1.2.164","SysName" : "SLES11-SP2-164"}},"Initiator" : {"Account" : {"Name" : "CN=admin,O=mycom","Id" : "32809"},"Entity" : {"SysAddr" : "100.1.2.3:37573"}},"Target" : {"Data" : {"Attribute Name" : "modifiersName","Attribute Value" : "CN=admin,O=mycom","ClassName" : "LDAP Server","Name" : "CN=LDAP Server - SLES11-SP2-164,O=mycom","Syntax" : "3"}},"Action" : {"Event" : {"Id" : "0.0.5.1","Name" : "TERMINATE_PEER_ASSOCIATION","CorrelationID" : "eDirectory#38#c92dfc98-2b8c-4116-0197-98fc2dc98c2b","SubEvent" : "DSE_DELETE_VALUE"},"Time" : {"Offset" : 1389847694},"Log" : {"Severity" : 7},"Outcome" : "0","ExtendedOutcome" : "0"}}
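The following added example (not part of the product documentation) shows one way a log consumer could pick the two peer association events out of a syslog stream and summarize who changed which object. The function names are hypothetical, the sample lines are constructed (the first is trimmed from the example above), and Time.Offset is assumed to be Unix epoch seconds.

```python
import json
from datetime import datetime, timezone

# Event identifiers from Table 5-6.
PEER_EVENTS = {"0.0.5.0": "create", "0.0.5.1": "terminate"}

# Constructed sample lines; the first is trimmed from the example on this page.
SAMPLE = [
    'Jan 08 10:18:14 eDirectory : INFO {"Source" : "eDirectory#DS",'
    '"Initiator" : {"Account" : {"Name" : "CN=admin,O=mycom","Id" : "32809"},'
    '"Entity" : {"SysAddr" : "100.1.2.3:37573"}},'
    '"Target" : {"Data" : {"Attribute Name" : "LDAP Screen Level",'
    '"Name" : "CN=LDAP Server - SLES11-SP2-164,O=mycom"}},'
    '"Action" : {"Event" : {"Id" : "0.0.5.0","Name" : "CREATE_PEER_ASSOCIATION",'
    '"SubEvent" : "DSE_ADD_VALUE"},"Time" : {"Offset" : 1389847694},"Outcome" : "0"}}',
    'Jan 08 10:18:15 eDirectory : INFO {"Source" : "eDirectory#DS",'
    '"Action" : {"Event" : {"Id" : "0.0.9.9","Name" : "OTHER"},"Outcome" : "0"}}',
    "Jan 08 10:18:16 eDirectory : INFO {truncated",
]

def parse_peer_event(line):
    """Return a summary dict for a peer association event, else None."""
    try:
        # The JSON payload follows the syslog prefix.
        ev = json.loads(line[line.index("{"):])
    except ValueError:  # no payload, or truncated/malformed JSON
        return None
    action = ev.get("Action", {})
    event = action.get("Event", {})
    kind = PEER_EVENTS.get(event.get("Id"))
    if kind is None:
        return None
    # Assumption: Offset is seconds since the Unix epoch.
    offset = action.get("Time", {}).get("Offset")
    when = (datetime.fromtimestamp(offset, tz=timezone.utc).isoformat()
            if isinstance(offset, int) else None)
    initiator = ev.get("Initiator", {})
    return {
        "kind": kind,
        "sub_event": event.get("SubEvent"),
        "time_utc": when,
        "initiator": initiator.get("Account", {}).get("Name"),
        "source_addr": initiator.get("Entity", {}).get("SysAddr"),
        "target": ev.get("Target", {}).get("Data", {}).get("Name"),
        "outcome": action.get("Outcome"),
    }

def peer_events(lines):
    return [e for e in map(parse_peer_event, lines) if e is not None]
```

Matching on the event identifier rather than on SubEvent keeps the filter stable, since the example records above carry DSE_ADD_VALUE and DSE_DELETE_VALUE as sub-events.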