LDAP Audit Logging

Some Questions for Audit Logging:

  1. Is it possible to filter out users? e.g. cn=admin,dc=rent24,dc=com
  2. Is it possible to filter out automated changes and only log the ones done by “real” users?
  3. Is there any viewer for the log file?

Thanks a lot,
Best,
meg

Hey,

  1. Yes, that is possible. There are UCR variables you can set in order to ignore certain DNs. See ucr search ldap/logging/exclude
  2. No, that’s not possible. The logger module is triggered by the LDAP server for each change, and the LDAP server simply doesn’t know why/who initiated an update. Even worse, the methods used to update (e.g. the udm command line utility) can be used by both automated tools (such as the join scripts) as well as “real humans” (e.g. in order to update passwords). Therefore such a distinction wouldn’t be possible even if the LDAP server had the knowledge about what triggered the change.
  3. As far as I know: no.

m.

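As an added example (not code from this thread or from UCS), here is the DN-based exclusion from answer 1 written as a post-filter over change records, plus a per-modifier count that illustrates the limitation in answer 2: the log can show which account wrote, never whether a human or a script drove that account. The record layout (dicts with "dn", "modifier", "action") and all sample values are constructed assumptions, not the directory logger's real file format. The point worth taking from it is the DN normalization: an exclusion list compared as raw strings misses "CN=Admin, DC=rent24, DC=com", which names the same entry as "cn=admin,dc=rent24,dc=com".

```python
"""Post-filter LDAP change-log records by DN.

Added example, not code from the thread or from UCS: the record layout
(dicts with "dn", "modifier", "action") and the sample values are constructed.
DN matching is normalized so that spelling differences ("CN=Admin, DC=..."
vs "cn=admin,dc=...") do not let an excluded entry slip through.
"""
import re
from collections import Counter
from typing import Dict, Iterable, List

Record = Dict[str, str]

# Constructed sample records. The DN in the third record is the same entry as
# the first, written with different case and spacing.
SAMPLE_RECORDS: List[Record] = [
    {"dn": "cn=admin,dc=rent24,dc=com",
     "modifier": "cn=admin,dc=rent24,dc=com", "action": "modify"},
    {"dn": "uid=jdoe,cn=users,dc=rent24,dc=com",
     "modifier": "cn=admin,dc=rent24,dc=com", "action": "modify"},
    {"dn": "CN=Admin, DC=rent24, DC=com",
     "modifier": "cn=admin,dc=rent24,dc=com", "action": "modify"},
    {"dn": "uid=svc-backup,cn=users,dc=rent24,dc=com",
     "modifier": "uid=svc-backup,cn=users,dc=rent24,dc=com", "action": "modify"},
]

# Split on commas that are not escaped with a backslash (RFC 4514 escaping).
_RDN_SPLIT = re.compile(r"(?<!\\),")


def normalize_dn(dn: str) -> str:
    """Canonicalize a DN for comparison: trim whitespace around each RDN and
    lowercase it. This is a simplification of RFC 4518 string preparation:
    it treats every attribute value as case-insensitive, which holds for the
    directory-string attributes usually found in DNs (cn, ou, dc, uid) but is
    not guaranteed for every attribute type.
    """
    rdns = [rdn.strip().lower() for rdn in _RDN_SPLIT.split(dn)]
    return ",".join(rdns)


def is_excluded(dn: str, excluded: Iterable[str], subtree: bool = False) -> bool:
    """True if dn equals an excluded DN, or (subtree=True) lies beneath one."""
    norm = normalize_dn(dn)
    for ex in excluded:
        ex_norm = normalize_dn(ex)
        if norm == ex_norm:
            return True
        if subtree and norm.endswith("," + ex_norm):
            return True
    return False


def filter_records(records: Iterable[Record], excluded: Iterable[str],
                   subtree: bool = False) -> List[Record]:
    """Drop records whose target DN is excluded; keep everything else."""
    excluded = list(excluded)
    return [r for r in records if not is_excluded(r["dn"], excluded, subtree)]


def count_by_modifier(records: Iterable[Record]) -> Dict[str, int]:
    """Changes per modifier DN. This shows who wrote, never why: a person and
    a join script using the same account are indistinguishable here, which is
    the limitation described in answer 2 above."""
    return dict(Counter(normalize_dn(r["modifier"]) for r in records))


if __name__ == "__main__":
    kept = filter_records(SAMPLE_RECORDS, ["cn=admin,dc=rent24,dc=com"])
    for r in kept:
        print(r["action"], r["dn"])
    print(count_by_modifier(SAMPLE_RECORDS))
```

Passing subtree=True excludes everything under a container (for example all of cn=users), which is usually what an operator means by "ignore these accounts"; exact matching is the safer default because a subtree exclusion on a broad base silently hides every change beneath it.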