How would I log who authenticated against my LDAP system on Linux in my lab? I have a lab with several workstations and one server running OpenLDAP. I would like to have functionality similar to the `last`
command, with who, when, and where. The server and workstations all run Scientific Linux.
1 Answer
You need to increase the logging level in your OpenLDAP instance. I believe the one you're looking for is 256. http://www.openldap.org/doc/admin24/slapdconf2.html#cn=config
For OLC, create a file with the following contents:
dn: cn=config
changetype: modify
replace: olcLogLevel
olcLogLevel: stats
Then:
ldapmodify -H ldapi:// -Y EXTERNAL -f <file>.ldif
You'll start seeing logins show up in /var/log/syslog. To get something in a `last`-type format, you'll have to add some additional intelligence/logic to parse the syslog.
Edit: Changed olcLogLevel specifier from '256' to 'stats' as suggested by 84104. Easier to understand.
Wraezor Sharp
- Why are you advocating the use of `256` instead of the more human-readable `stats`? – 84104 Apr 21 '16 at 23:23
- Does this method actually log user ids? I just tried it and it gave me output similar to https://gist.github.com/HSchmale16/c923c75ba908ce8b290ea4f74c2618a9 – HSchmale Apr 28 '16 at 15:38
- Yes. In my logging it also shows BIND attempts: `May 2 06:33:54 server slapd[60944]: conn=16101 op=0 BIND dn="cn=LDAPBind,ou=Users,dc=example,dc=com" method=128` – Wraezor Sharp May 02 '16 at 21:02
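The "additional logic to parse the syslog" that the answer leaves to the reader, as an added example (this is not code from the answer or from the OpenLDAP project). With `olcLogLevel: stats`, slapd logs each connection as an `ACCEPT from IP=...` line keyed by `conn=N`, each bind as a `BIND dn="..."` line keyed by `conn=N op=M`, and the outcome as a `RESULT tag=97 err=E` line with the same keys; `tag=97` is the LDAP BindResponse tag and `err=0` means success (`err=49` is invalidCredentials). The script below joins those three line types into who/when/where records and prints them in a `last`-style layout. Only simple binds (`method=128`) are handled; SASL binds produce extra `BIND` lines that this example does not try to interpret. The log excerpt embedded in the script is constructed for the example, following the line shown in the comment above; the host name, DNs and 192.0.2.x addresses are made up. Pass your own log file (the answer's /var/log/syslog, or whatever path your distribution uses) as the first argument.

```python
import re
import sys

# Constructed sample, in the format OpenLDAP's stats logging (level 256) writes
# to syslog. Host, DNs and addresses are invented for the example.
SAMPLE_LOG = """\
May  2 06:33:50 server slapd[60944]: conn=16101 fd=12 ACCEPT from IP=192.0.2.10:51234 (IP=0.0.0.0:389)
May  2 06:33:54 server slapd[60944]: conn=16101 op=0 BIND dn="cn=LDAPBind,ou=Users,dc=example,dc=com" method=128
May  2 06:33:54 server slapd[60944]: conn=16101 op=0 RESULT tag=97 err=0 text=
May  2 06:33:55 server slapd[60944]: conn=16101 op=1 UNBIND
May  2 06:33:55 server slapd[60944]: conn=16101 fd=12 closed
May  2 06:40:01 server slapd[60944]: conn=16102 fd=13 ACCEPT from IP=192.0.2.25:40022 (IP=0.0.0.0:389)
May  2 06:40:01 server slapd[60944]: conn=16102 op=0 BIND dn="uid=alice,ou=Users,dc=example,dc=com" method=128
May  2 06:40:01 server slapd[60944]: conn=16102 op=0 RESULT tag=97 err=49 text=
May  2 06:40:03 server slapd[60944]: conn=16102 op=1 BIND dn="uid=alice,ou=Users,dc=example,dc=com" method=128
May  2 06:40:03 server slapd[60944]: conn=16102 op=1 RESULT tag=97 err=0 text=
May  2 06:40:09 server slapd[60944]: conn=16102 op=2 SRCH base="ou=Users,dc=example,dc=com" scope=2 deref=0 filter="(uid=bob)"
May  2 06:40:09 server slapd[60944]: conn=16102 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
May  2 06:41:00 server slapd[60944]: conn=16103 fd=14 ACCEPT from IP=192.0.2.30:55100 (IP=0.0.0.0:389)
May  2 06:41:00 server slapd[60944]: conn=16103 op=0 BIND dn="" method=128
May  2 06:41:00 server slapd[60944]: conn=16103 op=0 RESULT tag=97 err=0 text=
"""

# syslog timestamp at the start of the line ("May  2 06:33:54")
TS_RE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) ")
# connection open: tells us the client address for conn=N
ACCEPT_RE = re.compile(r"conn=(\d+) fd=\d+ ACCEPT from IP=(\S+):(\d+)")
# simple bind request: who is authenticating on conn=N op=M
BIND_RE = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)" method=(\d+)')
# result of op=M on conn=N; tag=97 is the BindResponse tag, err=0 is success
RESULT_RE = re.compile(r"conn=(\d+) op=(\d+) RESULT tag=(\d+) err=(\d+)")


def parse_bind_log(lines):
    """Join ACCEPT, BIND and RESULT lines into one record per bind attempt.

    Returns a list of dicts with keys who, when, where, err, in the order
    the bind results appear in the log.
    """
    conn_ip = {}   # conn id -> client IP, learned from the ACCEPT line
    pending = {}   # (conn, op) -> (timestamp, dn) for binds awaiting a RESULT
    records = []
    for line in lines:
        m = TS_RE.match(line)
        when = m.group(1) if m else "?"

        m = ACCEPT_RE.search(line)
        if m:
            conn_ip[m.group(1)] = m.group(2)
            continue

        m = BIND_RE.search(line)
        if m:
            conn, op, dn, _method = m.groups()
            # an empty dn is an anonymous bind; worth seeing in the report
            pending[(conn, op)] = (when, dn or "(anonymous)")
            continue

        m = RESULT_RE.search(line)
        if m:
            conn, op, tag, err = m.groups()
            key = (conn, op)
            # only BindResponse results (tag 97) close a pending bind;
            # SEARCH RESULT lines do not match RESULT_RE at all
            if tag == "97" and key in pending:
                bind_when, dn = pending.pop(key)
                records.append({
                    "who": dn,
                    "when": bind_when,
                    "where": conn_ip.get(conn, "?"),
                    "err": int(err),
                })
    return records


def format_last(records):
    """Render records as who / where / when / status lines, last(1)-style."""
    out = []
    for r in records:
        status = "ok" if r["err"] == 0 else "FAILED err=%d" % r["err"]
        out.append("%-45s %-15s %s  %s" % (r["who"], r["where"], r["when"], status))
    return out


if __name__ == "__main__":
    # usage: ldap-last.py [/var/log/syslog]; with no argument the sample is used
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            source = fh.read().splitlines()
    else:
        source = SAMPLE_LOG.splitlines()
    for row in format_last(parse_bind_log(source)):
        print(row)
```

Note that a failed bind followed by a successful one on the same connection (alice above) shows up as two records, which is exactly the information `last` cannot give you and that is worth watching for in a lab where workstations authenticate against the server. The `where` column comes from the connection, not the bind, so it is only as trustworthy as the network between the client and slapd.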