In logging a SASL bind, the sasl method is followed by the LDAP version number (see "Version Number") and the SASL mechanism used, as shown below with the GSS-API mechanism.

[05/Aug/2004:12:57:14 -0700] conn=32 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI

NOTE
The authenticated DN (the DN used for access control decisions) is now logged in the BIND result line as opposed to the bind request line, as was previously the case:

[21/Apr/2001:11:39:55 -0700] conn=14 op=1 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=jdoe,dc=example,dc=com"

For SASL binds, the DN value displayed in the BIND request line is not used by the server and, as a consequence, is not relevant. However, given that the authenticated DN is the DN which, for SASL binds, must be used for audit purposes, it is essential that this be clearly logged. Having this authenticated DN logged in the BIND result line avoids any confusion as to which DN is which.

Access Log Content for Additional Access Logging Levels

This section presents the additional access logging levels available in the Directory Server access log. In Code Example 5-2, access logging level 4, which logs internal operations, is enabled.

Code Example 5-2 Access Log Extract with Internal Access Operations Level (Level 4)

[12/Jul/2001:16:45:46 +0200] conn=Internal op=-1 SRCH base="cn=\22dc=example,dc=com\22,cn=mapping tree,cn=config" scope=0 filter="objectclass=nsMappingTree" attrs="nsslapd-referral" options=persistent
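
The following Python is an added example, not part of the manual or of Directory Server. It pairs each SASL BIND request with its RESULT line (same conn and op) so that audit records carry the authenticated DN from the result line, and it skips the conn=Internal lines that logging level 4 adds. The function names and the sample log lines are constructed for illustration.

```python
import re

# Constructed sample lines in the access-log format shown on this page.
SAMPLE_LOG = """\
[05/Aug/2004:12:57:14 -0700] conn=32 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI
[05/Aug/2004:12:57:14 -0700] conn=32 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=jdoe,dc=example,dc=com"
[05/Aug/2004:12:57:15 -0700] conn=Internal op=-1 SRCH base="cn=config" scope=0 filter="objectclass=nsMappingTree"
[05/Aug/2004:12:57:20 -0700] conn=33 op=0 BIND dn="uid=admin,dc=example,dc=com" method=sasl version=3 mech=GSSAPI
[05/Aug/2004:12:57:20 -0700] conn=33 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=svc,dc=example,dc=com"
"""

LINE_RE = re.compile(r'^\[(?P<ts>[^\]]+)\] conn=(?P<conn>\S+) op=(?P<op>-?\d+) (?P<kind>[A-Z]+)(?P<rest>.*)$')
FIELD_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')


def parse_fields(rest):
    """Split key=value pairs; quoted values may contain spaces and \\22 escapes."""
    return {k: v[1:-1] if v.startswith('"') else v for k, v in FIELD_RE.findall(rest)}


def audit_sasl_binds(log_text):
    """Return one record per completed SASL bind. auth_dn comes from the RESULT
    line only; the DN in the BIND request is kept solely for comparison."""
    pending, records = {}, []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["conn"] == "Internal":  # internal operations are not client binds
            continue
        key, fields = (m["conn"], m["op"]), parse_fields(m["rest"])
        if m["kind"] == "BIND" and fields.get("method") == "sasl":
            pending[key] = {"ts": m["ts"], "conn": m["conn"],
                            "mech": fields.get("mech"), "request_dn": fields.get("dn", "")}
        elif m["kind"] == "RESULT" and key in pending:
            rec = pending.pop(key)
            rec["err"] = int(fields.get("err", -1))
            # Only a successful result (err=0) yields an authenticated DN.
            rec["auth_dn"] = fields.get("dn") if rec["err"] == 0 else None
            records.append(rec)
    return records


if __name__ == "__main__":
    for r in audit_sasl_binds(SAMPLE_LOG):
        print(r["ts"], "conn=" + r["conn"], r["mech"], "auth_dn=%r request_dn=%r" % (r["auth_dn"], r["request_dn"]))
```

In the constructed sample, conn=33 shows why the request DN cannot be used for audit: the request line names uid=admin while the result line records uid=svc as the authenticated identity.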
Chapter 5
Access Log and Connection Code Reference
Access Log Content