Access Log Content For Additional Access Logging Levels - Netscape DIRECTORY SERVER 6.0 Configuration Manual

Access Log Content
NOTE
Access Log Content for Additional Access
Logging Levels
This section presents the additional access logging levels available in the Directory
Server 6.0 access log.
In Code Example 5-2 on page 185 access logging level 512 is enabled which logs
access to entries and referrals. In this extract 6 entries and 1 referral are returned in
response to the search request in bold.
184 Netscape Directory Server Configuration, Command, and File Reference • December 2001
Note also that the authenticated DN (the DN used for access control
decisions) is now logged in the BIND result line as opposed to the
bind request line as was previously the case:
[21/Apr/2001:11:39:55 -0700] conn=14 op=1 RESULT err=0
tag=97 nentries=0 etime=0
dn="uid=coulbeck,dc=example,dc=com"
For SASL binds, the DN value displayed in the BIND request line is
not used by the server and as a consequence not relevant. However,
given that the authenticated DN is the DN which, for SASL binds,
must be used for audit purposes, it is essential that this be clearly
logged. Having this authenticated DN logged in the BIND result
line avoids any confusion as to which DN is which.