IMPORTANT:The Peer Association Management Events will be deprecated with eDirectory 8.8 SP8 Patch 8 onwards.
Peer association events relate to the association of a user or identity with a group, or the association of two users in some domain-specific context. For example, adding an LDAP user to a group, or associating two users for a domain-specific purpose in an application's identity association database. These events are also related to the association of identities within disparate authentication domains for purposes of federation.
For example, when an identity in Domain A makes a request to a service governed by Domain B, then a peer association is required between these domains – often this is called a trust relationship. From an implementation perspective, setting up a trust relationship is often done by establishing an identity in Domain B, which is used as a proxy for any request coming from any identity in Domain A. Trust relationships can be much more complex. However, as individual identities in Domain A can have individual associations with specific Domain B identities.
Table 5-7 Peer Association Management Events Taxonomy
|
Event Name |
Event Identifier |
Corresponding eDir Event |
Description |
Use |
|---|---|---|---|---|
|
Create Peer Association |
0.0.5.0 |
DSE_ADD_MEMBER DSE_ADD_VALUE |
Create an association with a peer |
This event is reported when a new peer association is created. |
|
Terminate Peer Association |
0.0.5.1 |
DSE_DELETE_MEMBER DSE_DELETE_VALUE |
Terminate an association with a peer |
This event is reported when an existing peer association is destroyed. |
The following sections include examples for peer association management events.
Click Create Peer Association to generate an event when a new peer association is created, as shown in the following example:
Jan 08 10:18:14 eDirectory : INFO {"Source" : "eDirectory#DS","Observer" : {"Account" : {"Domain" : "MYTREE","Name" : "CN=SRV1,O=mycom"},"Entity" : {"SysAddr" : "100.1.2.164","SysName" : "SLES11-SP2-164"}},"Initiator" : {"Account" : {"Name" : "CN=admin,O=mycom","Id" : "32809"},"Entity" : {"SysAddr" : "100.1.2.3:37573"}},"Target" : {"Data" : {"Attribute Name" : "LDAP Screen Level","Attribute Value" : "29257","ClassName" : "LDAP Server","Name" : "CN=LDAP Server - SLES11-SP2-164,O=mycom","Syntax" : "8"}},"Action" : {"Event" : {"Id" : "0.0.5.0","Name" : "CREATE_PEER_ASSOCIATION","CorrelationID" : "eDirectory#38#c92dfc98-2b8c-4116-0197-98fc2dc98c2b","SubEvent" : "DSE_ADD_VALUE"},"Time" : {"Offset" : 1389847694},"Log" : {"Severity" : 7},"Outcome" : "0","ExtendedOutcome" : "0"}}
Click Terminate Peer Association to generate an event when an existing peer is destroyed, as shown in the following example:
Jan 08 10:18:14 eDirectory : INFO {"Source" : "eDirectory#DS","Observer" : {"Account" : {"Domain" : "MYTREE","Name" : "CN=SRV1,O=mycom"},"Entity" : {"SysAddr" : "100.1.2.164","SysName" : "SLES11-SP2-164"}},"Initiator" : {"Account" : {"Name" : "CN=admin,O=mycom","Id" : "32809"},"Entity" : {"SysAddr" : "100.1.2.3:37573"}},"Target" : {"Data" : {"Attribute Name" : "modifiersName","Attribute Value" : "CN=admin,O=mycom","ClassName" : "LDAP Server","Name" : "CN=LDAP Server - SLES11-SP2-164,O=mycom","Syntax" : "3"}},"Action" : {"Event" : {"Id" : "0.0.5.1","Name" : "TERMINATE_PEER_ASSOCIATION","CorrelationID" : "eDirectory#38#c92dfc98-2b8c-4116-0197-98fc2dc98c2b","SubEvent" : "DSE_DELETE_VALUE"},"Time" : {"Offset" : 1389847694},"Log" : {"Severity" : 7},"Outcome" : "0","ExtendedOutcome" : "0"}}