4

I asked a similar question earlier, and this is an extension to it. Basically, we need to have auditable logs for legal reasons of permission/user management and authentication attempts. Our permissions and users are stored in an LDAP service, and I was wondering what auditing libraries were available for usage? Are there any? Is it better to use an auditing library that is a little higher level? Are there any good resources on what auditing should be and how it is traditionally done?

aperkins
  • What kind of LDAP server are you using? AD, e-D, OpenLDAP? – extraneon May 21 '11 at 07:52
  • I believe it is OpenLDAP, although I would prefer an answer that was independent of the particular server implementation, if that was at all possible. – aperkins May 21 '11 at 16:15

2 Answers

2

For me, what you are looking for is particular to each directory server, because 'Authentication' is more defined as an interface than a feature, and 'Permissions' are just non-standard.

Authentication is normalized via "simple bind" or "SASL", but the behaviour of the server (log) is not a standard as far as I know.

Permissions, I mean Access Control Lists (ACLs), are a non-standard feature. The way permissions are implemented in Active Directory is different from the way they are implemented in Sun e-Directory (special attributes). For example, in OpenLDAP permissions are implemented in a kind of access filter.

So my advice is to start from your Directory Server and have a look at what exists.

JPBlanc
1

LDAP keeps its own audit logs, at least OpenLDAP does, or can be made to.

user207421
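For the "authentication attempts" part of the question, here is an added example (not code from either answer or from the OpenLDAP project) that correlates slapd's own connection log into one record per bind attempt. It assumes slapd is logging at the `stats` level to syslog with a traditional timestamp/host prefix; the log lines are constructed samples and `bind_attempts` is a hypothetical helper name.

```python
import re
from collections import namedtuple

# Constructed sample of slapd "stats"-level syslog output (not from the original page).
SAMPLE_LOG = """\
May 21 07:52:01 ldap1 slapd[1234]: conn=1001 fd=12 ACCEPT from IP=192.0.2.10:51234 (IP=0.0.0.0:389)
May 21 07:52:01 ldap1 slapd[1234]: conn=1001 op=0 BIND dn="uid=jdoe,ou=people,dc=example,dc=com" method=128
May 21 07:52:01 ldap1 slapd[1234]: conn=1001 op=0 RESULT tag=97 err=49 text=
May 21 07:52:05 ldap1 slapd[1234]: conn=1002 fd=13 ACCEPT from IP=192.0.2.11:40022 (IP=0.0.0.0:389)
May 21 07:52:05 ldap1 slapd[1234]: conn=1002 op=0 BIND dn="cn=admin,dc=example,dc=com" method=128
May 21 07:52:05 ldap1 slapd[1234]: conn=1002 op=0 BIND dn="cn=admin,dc=example,dc=com" mech=SIMPLE ssf=0
May 21 07:52:05 ldap1 slapd[1234]: conn=1002 op=0 RESULT tag=97 err=0 text=
May 21 07:52:06 ldap1 slapd[1234]: conn=1002 op=1 SRCH base="dc=example,dc=com" scope=2 deref=0 filter="(uid=jdoe)"
May 21 07:52:06 ldap1 slapd[1234]: conn=1002 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
"""

# err is the LDAP result code: 0 = success, 49 = invalidCredentials.
BindAttempt = namedtuple("BindAttempt", "when client dn method err")

LINE = re.compile(r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ slapd\[\d+\]: conn=(?P<conn>\d+) (?P<rest>.*)$")
ACCEPT = re.compile(r"ACCEPT from IP=(\S+)")
BIND = re.compile(r'op=(\d+) BIND dn="([^"]*)" method=(\d+)')   # bind request (128 = simple, 163 = SASL)
RESULT = re.compile(r"op=(\d+) RESULT tag=97 err=(\d+)")        # tag=97 is the bind response

def bind_attempts(log_text):
    """Join ACCEPT, BIND and RESULT lines on conn/op into one record per bind."""
    clients, pending, out = {}, {}, []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not a slapd connection line
        conn, rest = m["conn"], m["rest"]
        if a := ACCEPT.search(rest):
            clients[conn] = a[1]                      # remember the peer address
        elif b := BIND.search(rest):
            pending[(conn, b[1])] = (m["ts"], b[2], b[3])
        elif (r := RESULT.search(rest)) and (conn, r[1]) in pending:
            ts, dn, method = pending.pop((conn, r[1]))
            out.append(BindAttempt(ts, clients.get(conn, "unknown"), dn, int(method), int(r[2])))
    return out

if __name__ == "__main__":
    for attempt in bind_attempts(SAMPLE_LOG):
        print("FAILED " if attempt.err else "OK     ", attempt)
```

This covers binds only; changes to users and permissions are writes and need a separate source such as a server-side audit log of modifications.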