2.2 Configuring XDAS Events

For information about configuring XDASv2 events for eDirectory, see Section 4.4, Configuring XDASv2 Events for Auditing.

Table 2-5 lists how eDirectory internal events are mapped to XDAS events.

NOTE: For information about eDirectory events and their description, see

Table 2-5 Mapping XDAS Events with eDirectory Events

| XDAS Event | eDirectory Event |
|---|---|
| CREATE_ACCOUNT. For an example of this event, see Create Account. | DSE_CREATE_ENTRY, DSE_LDAP_ADD, DSE_LDAP_ADDRESPONSE, DSE_NAME_COLLISION |
| DELETE_ACCOUNT. For an example of this event, see Delete Account. | DSE_DELETE_ENTRY, DSE_LDAP_DELETE, DSE_LDAP_DELETERESPONSE, DSE_MOVE_SOURCE_ENTRY, DSE_REMOVE_ENTRY |
| ENABLE_ACCOUNT. For an example of this event, see Enable Account. | DSE_ADD_VALUE |
| DISABLE_ACCOUNT. For an example of this event, see Disable Account. | DSE_ADD_VALUE |
| QUERY_ACCOUNT. For an example of this event, see Query Account. | DSE_DSA_READ, DSE_INSPECT_ENTRY, DSE_LDAP_SEARCH, DSE_LDAP_SEARCHENTRYRESPONSE, DSE_SEARCH, DSE_LDAP_COMPARE |
| MODIFY_ACCOUNT. For an example of this event, see Modify Account. | DSE_ADD_VALUE, DSE_DELETE_ATTRIBUTE, DSE_DELETE_VALUE, DSE_LDAP_MODDN, DSE_LDAP_MODDNRESPONSE, DSE_LDAP_MODIFY, DSE_LDAP_MODIFYRESPONSE, DSE_MERGE_ENTRIES, DSE_MODIFY_ENTRY, DSE_MODIFY_RDN, DSE_RENAME_ENTRY |
| MODIFY_ACCOUNT_SECURITY_TOKEN. For an example of this event, see Modify Account Security Token. | DSE_CHGPASS |
| CREATE_SESSION. For an example of this event, see Create Session. To monitor the Authenticate Session event, you need to enable both the XDAS and NMAS Auditing. For more information, see Auditing with XDASv2 and Using XDASv2 for Auditing NMAS Events respectively. NOTE: Prior to eDirectory 8.8.8 P9, DSE_LDAP_CONNECTION event is used to monitor the Create Session event. | DSE_LOGIN_EX |
| TERMINATE_SESSION | DSE_LOGOUT |
| MODIFY_SESSION. For an example of this event, see Modify Session. | DSE_CHANGE_CONN_STATE |
| CREATE_DATA_ITEM. For an example of this event, see Create Data Item. | DSE_CREATE_BACKLINK, DSE_CREATE_ENTRY, DSE_CREATE_SUBREF, DSE_LDAP_ADD, DSE_LDAP_ADDRESPONSE, DSE_NAME_COLLISION, DSE_SPLIT_DONE, DSE_SPLIT_PARTITION |
| DELETE_DATA_ITEM. For an example of this event, see Delete Data Item. | DSE_DELETE_ENTRY, DSE_JOIN_PARTITIONS, DSE_LDAP_DELETE, DSE_LDAP_DELETERESPONSE, DSE_MOVE_SOURCE_ENTRY, DSE_REMOVE_ENTRY, DSE_REMOVE_ENTRY_DIR, DSE_REMOTE_SERVER_DOWN |
| MODIFY_DATA_ITEM_ATTRIBUTE. For an example of this event, see Modify Data Item Attribute. | DSE_ABORT_PARTITION_OP, DSE_ADD_PROPERTY, DSE_ADD_REPLICA, DSE_ADD_VALUE, DSE_CHANGE_REPLICA_TYPE, DSE_CHECK_SEV, DSE_DEFINE_ATTR_DEF, DSE_DEFINE_CLASS_DEF, DSE_DELETE_ATTRIBUTE, DSE_DELETE_PROPERTY, DSE_DELETE_VALUE, DSE_LDAP_MODDN, DSE_LDAP_MODDNRESPONSE, DSE_GEN_CA_KEYS, DSE_LDAP_MODIFY, DSE_LDAP_MODIFYRESPONSE, DSE_LDAP_PASSWDMODIFY, DSE_MERGE_ENTRIES, DSE_MODIFY_CLASS_DEF, DSE_MODIFY_ENTRY, DSE_MODIFY_RDN, DSE_MOVE_SUBTREE, DSE_MOVE_TREE, DSE_MUTATE_ENTRY, DSE_PARTITION_STATE_CHG, DSE_PARTITION_EVENT, DSE_RECERT_PUB_KEY, DSE_REMOVE_ATTR_DEF, DSE_REMOVE_BACKLINK, DSE_REMOVE_CLASS_DEF, DSE_REMOVE_REPLICA, DSE_RENAME_ENTRY, DSE_STREAM, DSE_UPDATE_ATTR_DEF, DSE_UPDATE_CLASS_DEF, DSE_UPDATE_REPLICA, DSE_UPDATE_SCHEMA, DSE_UPDATE_SEV |
| QUERY_DATA_ITEM_ATTRIBUTE. For an example of this event, see Query Data Item Attribute. | DSE_CHECK_SEV, DSE_COMPARE_ATTR_VALUE, DSE_DSA_READ, DSE_INSPECT_ENTRY, DSE_LDAP_COMPARE, DSE_LDAP_COMPARERESPONSE, DSE_LDAP_SEARCH, DSE_LDAP_SEARCHENTRYRESPONSE, DSE_LDAP_SEARCHRESPONSE, DSE_LIST_CONT_CLASSES, DSE_LIST_PARTITIONS, DSE_LIST_SUBORDINATES, DSE_READ_ATTR, DSE_READ_REFERENCES, DSE_REFERRAL, DSE_SEARCH, DSE_STREAM, DSE_VERIFY_PASS, DSE_LOW_LEVEL_JOIN |
| ENABLE_SERVICE. For an example of this event, see Enable Service. | DSE_CHANGE_MODULE_STATE |
| DISABLE_SERVICE. For an example of this event, see Disable Service. | DSE_CHANGE_MODULE_STATE |
| INVOKE_SERVICE. For an example of this event, see Invoke Service. | DSE_BACKLINK_PROC_DONE, DSE_LIMBER_DONE, DSE_LUMBER_DONE, DSE_MOVE_TREE_START, DSE_PURGE_START, DSE_RECV_REPLICA_UPDATES, DSE_SEND_REPLICA_UPDATES, DSE_START_JOIN, DSE_START_UPDATE_REPLICA, DSE_START_UPDATE_SCHEMA, DSE_SYNC_PARTITION, DSE_SYNC_PART_START, DSE_SYNC_SCHEMA, DSE_SYNC_SVR_OUT_START |
| TERMINATE_SERVICE. For an example of this event, see Terminate Service. | DSE_ABORT_JOIN, DSE_END_UPDATE_REPLICA, DSE_END_UPDATE_SCHEMA, DSE_JOIN_DONE, DSE_MOVE_TREE_END, DSE_PURGE_END, DSE_SCHEMA_SYNC, DSE_SYNC_PART_END, DSE_SYNC_SVR_OUT_END |
| MODIFY_PROCESS_CONTEXT. For an example of this event, see Modify Process Context. | DSE_CHANGE_TREE_NAME, DSE_LDAP_MODLDAPSERVER, DSE_MERGE_TREE, DSE_PART_STATE_CHG_REQ, DSE_REPAIR_TIME_STAMPS, DSE_RESET_DS_COUNTERS, DSE_SERVER_ADDRESS_CHANGE, DSE_SERVER_RENAME, DSE_SET_NEW_MASTER, DSE_SYNTHETIC_TIME |
| CREATE_PEER_ASSOCIATION. For an example of this event, see Create Peer Association. | DSE_ADD_MEMBER, DSE_ADD_VALUE |
| TERMINATE_PEER_ASSOCIATION. For an example of this event, see Terminate Peer Association. | DSE_DELETE_MEMBER, DSE_DELETE_VALUE |
| CREATE_DATA_ITEM_ASSOCIATION. For an example of this event, see Create Data Item Association. | DSE_ADD_VALUE |
| TERMINATE_DATA_ITEM_ASSOCIATION. For an example of this event, see Terminate Data Item Association. | DSE_DELETE_ATTRIBUTE, DSE_DELETE_VALUE |
| MODIFY_DATA_ITEM_ASSOCIATION | DSE_BKLINK_OPERATOR, DSE_BKLINK_SEV, DSE_CHANGE_OBJ_SECURITY, DSE_CHANGE_PROP_SECURITY, DSE_CHANGE_SECURITY_EQUALS |
| CREATE_ROLE. For an example of this event, see Create Role. | DSE_CREATE_ENTRY, DSE_LDAP_ADD, DSE_LDAP_ADDRESPONSE, DSE_NAME_COLLISION, DSE_ADD_ENTRY |
| DELETE_ROLE. For an example of this event, see Delete Role. | DSE_DELETE_ENTRY, DSE_DELETE_VALUE, DSE_LDAP_DELETE, DSE_LDAP_DELETERESPONSE, DSE_MOVE_SOURCE_ENTRY, DSE_REMOVE_ENTRY |
| MODIFY_ROLE. For an example of this event, see Modify Role. | DSE_ADD_VALUE, DSE_DELETE_ATTRIBUTE, DSE_DELETE_VALUE, DSE_LDAP_MODIFY, DSE_LDAP_MODIFYRESPONSE, DSE_MERGE_ENTRIES, DSE_MODIFY_ENTRY, DSE_MODIFY_RDN, DSE_RENAME_ENTRY |
| QUERY_ROLE. For an example of this event, see Query Role. | DSE_LDAP_SEARCH, DSE_LDAP_COMPARE |
| START_SYSTEM. For an example of this event, see Start System. | DSE_AGENT_OPEN_LOCAL, DSE_RELOAD_DS |
| SHUTDOWN_SYSTEM. For an example of this event, see Shutdown System. | DSE_AGENT_CLOSE_LOCAL |
| BACKUP_DATA_STORE | DSE_BACKUP_ENTRY |
| RECOVER_DATA_STORE. For an example of this event, see Recover Data Store. | DSE_RESTORE_ENTRY |
| AUTHENTICATE_SESSION. For an example of this event, see Authenticate Session. To monitor the Authenticate Session event, you need to enable both the XDAS and NMAS Auditing. For more information, see Auditing with XDASv2 and Using XDASv2 for Auditing NMAS Events respectively. NOTE: Prior to eDirectory 8.8.8 P9, DSE_LDAP_BIND, DSE_LDAP_BINDRESPONSE and DSE_LOGIN events are used to monitor the Authenticate Session event. | DSE_AUTHENTICATE |
| UNAUTHENTICATE_SESSION. For an example of this event, see Unauthenticate Session. | DSE_LDAP_UNBIND |
| CREATE_ACCESS_TOKEN. For an example of this event, see Create Access Token. | DSE_ALLOW_LOGIN, DSE_GEN_CA_KEYS, DSE_RECERT_PUB_KEY |
| EDIR_OPERATIONAL_ID | DSE_CRC_FAILURE, DSE_DELETE_SUBTREE, DSE_DELETE_UNUSED_EXTREF, DSE_DSA_BAD_VERB, DSE_LDAP_UNKNOWNOP, DSE_LOST_ENTRY, DSE_NEW_SCHEMA_EPOCH, DSE_NO_REPLICA_PTR, DSE_PURGE_ENTRY_FAIL, DSE_RESEND_ENTRY |

NOTE: After you select the event, it takes up to 3 minutes for the configuration changes to take effect on the NCP server. If you want the configuration changes to be implemented immediately on the NCP server, you can unload and load the xdasauditds module.

2.2.1 Loading and Unloading the Modules

After you have configured the XDASv2 events, run the following commands to load and unload the XDASv2 modules:

To automatically load the xdasauditds module whenever the ndsd server is started:

  • Linux

    Add xdasauditds to the /etc/opt/novell/eDirectory/conf/ndsmodules.conf file.

  • Windows

    Run ndscons.exe, select xdasauditds from the list of available modules, click Startup, and then select Automatic for Startup Type.

To manually load and unload the xdasauditds module:

  • Linux

    To load, run ndstrace -c "load xdasauditds".

    To unload, run ndstrace -c "unload xdasauditds".

  • Windows

    To load, run ndscons.exe, select xdasauditds from the list of available modules, then click Start.

    To unload, run ndscons.exe, select xdasauditds from the list of available modules, then click Stop.

If you have installed Novell Modular Authentication Service (NMAS) and enabled NMAS auditing, the NMAS server automatically loads the XDASv2 library.
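
The Linux steps above can be scripted as a check that the audit module will come back after an ndsd restart, plus the unload/load cycle that applies event changes immediately. This is an added example, not part of the original documentation. It assumes ndsmodules.conf lists one module per line with the module name in the first field and `#` starting a comment; the `NDSMODULES_CONF` and `NDSTRACE` overrides and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify xdasauditds autoload and reload the module (Linux).
NDSMODULES_CONF="${NDSMODULES_CONF:-/etc/opt/novell/eDirectory/conf/ndsmodules.conf}"
NDSTRACE="${NDSTRACE:-ndstrace}"   # hypothetical override, e.g. NDSTRACE=echo for a dry run

# Prints one of: enabled | commented | missing | unreadable
# Assumption: one module per line, name in field 1, '#' starts a comment.
xdas_autoload_state() {
    conf="${1:-$NDSMODULES_CONF}"
    [ -r "$conf" ] || { echo unreadable; return 2; }
    awk '
        $1 == "xdasauditds" { active = 1; next }
        $1 == "#xdasauditds" || ($1 == "#" && $2 == "xdasauditds") { commented = 1 }
        END {
            if (active)         print "enabled"
            else if (commented) print "commented"
            else                print "missing"
        }' "$conf"
}

# Unload, then load, so event-selection changes apply at once instead of
# after the delay of up to 3 minutes noted in this section.
xdas_reload() {
    "$NDSTRACE" -c "unload xdasauditds" || return 1
    "$NDSTRACE" -c "load xdasauditds"
}

# Demo on a constructed sample file (not a real server's configuration):
# the audit module line is commented out, so auditing would not survive
# a restart of ndsd.
sample=$(mktemp)
printf '%s\n' 'ldap auto #ldap' '#xdasauditds auto #xdasauditds' > "$sample"
echo "sample state: $(xdas_autoload_state "$sample")"
rm -f "$sample"
```

A state other than `enabled` means the module has to be loaded by hand after every ndsd restart, which leaves a window with no XDASv2 audit records.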