
How would I log who authenticated against my LDAP system on Linux in my lab? I have a lab with several workstations and one server running OpenLDAP. I would like to have similar functionality to the `last` command, with who, when, and where. The server and workstations all run Scientific Linux.

Ricardo C
HSchmale

1 Answer


You need to increase the logging level in your OpenLDAP instance. I believe the one you're looking for is 256. http://www.openldap.org/doc/admin24/slapdconf2.html#cn=config

For OLC, create a file with the following contents:

dn: cn=config
changetype: modify
replace: olcLogLevel
olcLogLevel: stats

Then:

ldapmodify -H ldapi:// -Y EXTERNAL -f <file>.ldif

You'll start seeing logins show up in /var/log/syslog. To get something in a 'last'-type format, you'll have to add some additional intelligence/logic to parse the syslog.

Edit: Changed olcLogLevel specifier from '256' to 'stats' as suggested by 84104. Easier to understand.

Wraezor Sharp
    Why are you advocating the use of `256` instead of the more human readable `stats`? – 84104 Apr 21 '16 at 23:23
  • Does this method actually log user ids? I just tried it and it gave me output similar to https://gist.github.com/HSchmale16/c923c75ba908ce8b290ea4f74c2618a9 – HSchmale Apr 28 '16 at 15:38
  • Yes. In my logging it also shows BIND attempts: `May 2 06:33:54 server slapd[60944]: conn=16101 op=0 BIND dn="cn=LDAPBind,ou=Users,dc=example,dc=com" method=128` – Wraezor Sharp May 02 '16 at 21:02
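As an added example (not code from the answer above or from the OpenLDAP project), here is the parsing step the answer leaves to the reader: it reads the stats-level lines in the format quoted in the last comment and correlates each connection's ACCEPT line (the "where") with its BIND and RESULT lines (the "who", the "when", and whether the bind succeeded), keyed by slapd PID plus conn number because conn numbers restart when the daemon does. The sample log is constructed; the hostname, DNs, PID and addresses are placeholders, and the syslog prefix is assumed to be rsyslog's default "Mon DD HH:MM:SS host slapd[pid]:" form. One caveat for Scientific Linux: slapd logs through syslog facility local4, so check where your rsyslog configuration routes local4 messages rather than assuming /var/log/syslog; a rule such as `local4.* /var/log/slapd.log` captures every severity into a dedicated file if nothing shows up in the default logs.

```python
"""Parse slapd 'stats' log lines into a last(1)-style list of binds.
Assumes the syslog prefix "Mon DD HH:MM:SS host slapd[pid]: " and that each
bind is answered by a "RESULT tag=97" line on the same conn/op (example code)."""
import re
import sys
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed sample in the format slapd emits at olcLogLevel stats; not real data.
SAMPLE_LOG = """\
May  2 06:33:50 server slapd[60944]: conn=16101 fd=12 ACCEPT from IP=192.0.2.10:51234 (IP=0.0.0.0:389)
May  2 06:33:54 server slapd[60944]: conn=16101 op=0 BIND dn="cn=LDAPBind,ou=Users,dc=example,dc=com" method=128
May  2 06:33:54 server slapd[60944]: conn=16101 op=0 BIND dn="cn=LDAPBind,ou=Users,dc=example,dc=com" mech=SIMPLE ssf=0
May  2 06:33:54 server slapd[60944]: conn=16101 op=0 RESULT tag=97 err=0 text=
May  2 06:33:55 server slapd[60944]: conn=16101 fd=12 closed
May  2 06:40:01 server slapd[60944]: conn=16102 fd=13 ACCEPT from IP=192.0.2.25:40022 (IP=0.0.0.0:389)
May  2 06:40:01 server slapd[60944]: conn=16102 op=0 BIND dn="uid=alice,ou=Users,dc=example,dc=com" method=128
May  2 06:40:01 server slapd[60944]: conn=16102 op=0 RESULT tag=97 err=49 text=
May  2 06:40:01 server slapd[60944]: conn=16102 fd=13 closed (connection lost)
May  2 06:41:10 server slapd[60944]: conn=16103 fd=14 ACCEPT from IP=192.0.2.30:33010 (IP=0.0.0.0:389)
May  2 06:41:10 server slapd[60944]: conn=16103 op=0 BIND dn="" method=128
May  2 06:41:10 server slapd[60944]: conn=16103 op=0 RESULT tag=97 err=0 text=
May  2 06:41:10 server slapd[60944]: conn=16103 op=1 SRCH base="dc=example,dc=com" scope=2 deref=0 filter="(uid=bob)"
May  2 06:41:10 server slapd[60944]: conn=16103 fd=14 closed
"""

LINE_RE = re.compile(r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ slapd\[(?P<pid>\d+)\]: "
                     r"conn=(?P<conn>\d+) (?P<rest>.*)$")
ACCEPT_RE = re.compile(r"^fd=\d+ ACCEPT from IP=(?P<ip>\[?[0-9A-Fa-f.:]+\]?):\d+ ")
BIND_METHOD_RE = re.compile(r'^op=(?P<op>\d+) BIND dn="(?P<dn>[^"]*)" method=(?P<method>\d+)')
BIND_MECH_RE = re.compile(r'^op=(?P<op>\d+) BIND dn="(?P<dn>[^"]*)" mech=(?P<mech>\S+)')
# tag=97 is the BindResponse; err=0 is success, err=49 is invalidCredentials.
RESULT_RE = re.compile(r"^op=(?P<op>\d+) RESULT tag=97 err=(?P<err>\d+)")


@dataclass
class BindEvent:
    who: str    # bind DN, or "(anonymous)" when slapd logged dn=""
    where: str  # client IP taken from the ACCEPT line of the same connection
    when: str   # syslog timestamp of the RESULT line
    mech: str   # SIMPLE, or the SASL mechanism once slapd logs it
    err: int    # LDAP result code of the bind


def parse_binds(log_text: str) -> List[BindEvent]:
    # Key connections by (pid, conn): conn numbers restart when slapd restarts.
    client_ip: Dict[Tuple[str, str], str] = {}
    pending: Dict[Tuple[str, str, str], Tuple[str, str]] = {}  # (pid, conn, op) -> (dn, mech)
    events: List[BindEvent] = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # other daemons share the syslog file; skip non-slapd lines
        key, rest = (m["pid"], m["conn"]), m["rest"]
        if a := ACCEPT_RE.match(rest):
            client_ip[key] = a["ip"]
        elif b := BIND_METHOD_RE.match(rest):
            # method=128 is LDAP_AUTH_SIMPLE; anything else is a SASL bind.
            pending[key + (b["op"],)] = (b["dn"], "SIMPLE" if b["method"] == "128" else "SASL")
        elif b := BIND_MECH_RE.match(rest):
            # Logged on success; for SASL it carries the mapped DN and mechanism name.
            pending[key + (b["op"],)] = (b["dn"], b["mech"])
        elif r := RESULT_RE.match(rest):
            dn, mech = pending.pop(key + (r["op"],), ("", "?"))
            events.append(BindEvent(who=dn or "(anonymous)", where=client_ip.get(key, "unknown"),
                                    when=m["ts"], mech=mech, err=int(r["err"])))
    return events


def format_last(events: List[BindEvent]) -> str:
    """One line per bind, newest first like last(1); failures are marked explicitly."""
    rows = []
    for e in reversed(events):
        status = "ok" if e.err == 0 else f"FAILED err={e.err}"
        rows.append(f"{e.who:<42} {e.where:<15} {e.when}  {e.mech:<7} {status}")
    return "\n".join(rows)


if __name__ == "__main__":
    # Give the file rsyslog writes slapd's local4 messages to (e.g. /var/log/slapd.log
    # if you routed local4 there); with no argument the constructed sample is used.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOG
    print(format_last(parse_binds(text)))
```

Run it against the real file with `python3 slapd_last.py /var/log/slapd.log` (hypothetical script name). Two things worth keeping in mind when reading the output: a bind is a request, not a session, so a service account like cn=LDAPBind will show up once per lookup its client makes, and anonymous binds (dn="") followed by searches are visible here too, which is useful for spotting clients that are not authenticating at all.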