Access Log Content
NOTE
Access Log Content for Additional Access
Logging Levels
This section presents the additional access logging levels available in the Directory
Server access log.
In Code Example 5-2 access logging level 4 is enabled which logs internal
operations.
Code Example 5-2
[12/Jul/2001:16:45:46 +0200] conn=Internal op=-1 SRCH
base="cn=\22dc=example,dc=com\22,cn=mapping
tree,cn=config"scope=0
filter="objectclass=nsMappingTree"attrs="nsslapd-referral"
options=persistent
12/Jul/2001:16:45:46 +0200] conn=Internal op=-1 RESULT err=0
tag=48 nentries=1etime=0
[12/Jul/2001:16:45:46 +0200] conn=Internal op=-1 SRCH
base="cn=\22dc=example,dc=com\22,cn=mapping tree,cn=config"
scope=0 filter="objectclass=nsMappingTree" attrs="nsslapd-state"
[12/Jul/2001:16:45:46 +0200] conn=Internal op=-1 RESULT err=0
tag=48 nentries=1etime=0
188
Netscape Directory Server Configuration, Command, and File Reference • May 2002
Note also that the authenticated DN (the DN used for access control
decisions) is now logged in the BIND result line as opposed to the
bind request line as was previously the case:
[21/Apr/2001:11:39:55 -0700] conn=14 op=1 RESULT err=0
tag=97 nentries=0 etime=0
dn="uid=coulbeck,dc=example,dc=com"
For SASL binds, the DN value displayed in the BIND request line is
not used by the server and as a consequence not relevant. However,
given that the authenticated DN is the DN which, for SASL binds,
must be used for audit purposes, it is essential that this be clearly
logged. Having this authenticated DN logged in the BIND result
line avoids any confusion as to which DN is which.
Access Log Extract with Internal Access Operations Level (Level 4)