Objectif: Cette 3eme partie de la série OpenLDAP tutorial a pour objectif d’activer le log OpenLDAP. Pour atteindre cet objectif il faut paramétrer l’installation du serveur d’annuaire OpenLDAP. Cette production est très importante, voire indispensable pour la surveillance et l’utilisation correcte de ce serveur. Pré-requis: OpenlDAP est installé et pré-configuré sur une machine Debian, Ubuntu ou compatibles. cf. la partie 1 et la partie 2 de cette série OpenLDAP Tutorial.
1. Activer les fichiers journaux (Log) du serveur OpenLDAP
sudo ldapsearch -Y external -H ldapi:/// -b cn=config "(objectClass=olcGlobal)" olcLogLevel -LLL > slapdlog.ldifCette commande crée le fichier slapdlog.ldif dont le contenu est le résultat de la requête LDAP exécutée par l’utilitaire ldapsearch:
dn: cn=config olcLogLevel: noneLa première ligne contient le DN (distinguished name) qui est l’identifiant unique de l’entrée. La deuxième ligne contient l’unique attribut demandée par la requête avec comme valeur: none. La génération de log est désactivée par défaut. Modifier ce fichier pour que son contenu devienne:
dn: cn=config changeType: modify replace: olcLogLevel olcLogLevel: statsMaintenant ce fihier LDIF (Lightweight data interchange format) contient une commande de modification: la deuxième ligne déclare qu’on veut modifier l’entrée, la troisième indique qu’il s’agit d’un remplacement de contenu de l’attribut olcLogLevel de cette entrée et la troisième indique la nouvelle valeur de cet attribut. stats permet de générer les logs des connexions, des opérations et de leurs résultats ce qui est parfait pour une surveillance quotidienne. Pour exécuter la commande de ce fichier sur le serveur, on utilise:
sudo ldapmodify -Y external -H ldapi:/// -f slapdlog.ldifSi on obtient le message: modifying entry “cn=config”, l’opération a réussi. Pour vérifier:
sudo ldapsearch -Y external -H ldapi:/// -b cn=config "(objectClass=olcGlobal)" olcLogLevelNormalement la prise en compte par le serveur est immédiate et aucun redémarrage n’est nécessaire. Le serveur envoi les logs produits au mécanisme de gestion des logs système. Il s’agit de rsyslog pour les versions récentes.
2. Prise en compte des log OpenLDAP par rsyslog
Créer un fichier de configuration dans dans le dossier /etc/rsyslog.d/, choisir un nom quelconque: 10-slapd.conf par exemple. Le chiffre dans le nom permet de classer les fichiers dans ce dossier. Ce fichier contient l’unique ligne:local4.* /var/log/slapd.log;slapdtmplslapdtmpl est un nom au choix qui désigne un format de présentation du contenu de ce fichier de log. Il s’agit donc de créer ce format, cela se fait dans le fichier de configuration de rsyslog:
sudo vi /etc/rsyslog.confDans l’éditeur ajouter ce qui suit, en dessous de la première ligne à partir du début qui commence par $template:
$template slapdtmpl,"[%$DAY%-%$MONTH%-%$YEAR% %timegenerated:12:19:date-rfc3339%] %app-name% %syslogseverity-text% %msg%\n"Pour plus de détails sur la créations de format pour rsyslog consulter le manuel:
man rsyslog.confVoir, notamment, le paragraphe TEMPLATES. Enfin il faut redémarrer rsyslog pour que le nouveau paramétrage soit pris en compte:
service rsyslog restart
3. Tester cette fonctionnalité du serveur OpenLDAP
Lancer une requête et consulter le contenu du fichier /var/log/slapd.log:sudo ldapsearch -Y external -H ldapi:/// -b dc=ldaptuto,dc=net sudo cat /var/log/slapd.logNormalement, on doit avoir un contenu assez significatif de ce qui a été exécuté par le serveur OpenLDAP.]]>
You really make it seem so easy with your presentation but I find this topic to be actually something that I think I would never understand. It seems too complicated and very broad for me. I am looking forward for your next post, I will try to get the hang of it!
I have learned some new points from your web site about personal computers. Another thing I’ve always assumed is that computers have become an item that each residence must have for a lot of reasons. They supply you with convenient ways in which to organize households, pay bills, shop, study, tune in to music and even watch television shows. An innovative method to complete every one of these tasks is to use a notebook computer. These pc’s are portable ones, small, robust and lightweight.
Hello. splendid job. I did not anticipate this. This is a impressive story. Thanks!
Pretty nice post. I just stumbled upon your weblog and wanted to say that I’ve really enjoyed surfing around your blog posts. In any case I will be subscribing to your rss feed and I hope you write again soon!
It’s appropriate time to make some plans for the longer term and it is time to be happy. I have read this post and if I may just I want to counsel you some attention-grabbing things or tips. Maybe you can write next articles referring to this article. I wish to learn more things about it!
Thanks a lot for providing individuals with a very terrific opportunity to discover important secrets from this website. It’s always so good plus packed with a good time for me personally and my office fellow workers to search your web site no less than three times in a week to study the newest issues you have got. And of course, I’m also actually satisfied concerning the powerful solutions served by you. Selected 1 ideas in this post are undoubtedly the most beneficial I’ve ever had.
Thanks for the diverse tips contributed on this blog. I have seen that many insurance providers offer customers generous reductions if they opt to insure multiple cars together. A significant quantity of households include several automobiles these days, in particular those with older teenage children still residing at home, plus the savings with policies may soon mount up. So it pays off to look for a great deal.
I抦 not that much of a online reader to be honest but your blogs really nice, keep it up! I’ll go ahead and bookmark your site to come back later on. Cheers
you’ve an awesome weblog right here! would you like to make some invite posts on my blog?
Thanks for the post. My spouse and i have usually noticed that most people are desperate to lose weight because they wish to show up slim along with attractive. On the other hand, they do not often realize that there are more benefits so that you can losing weight as well. Doctors state that over weight people suffer from a variety of diseases that can be directly attributed to the excess weight. Thankfully that people who definitely are overweight and also suffering from numerous diseases can reduce the severity of their own illnesses through losing weight. You’ll be able to see a gradual but marked improvement in health as soon as even a minor amount of weight loss is attained.
Your place is valueble for me. Thanks!?
Great article. It is very unfortunate that over the last 10 years, the travel industry has already been able to to deal with terrorism, SARS, tsunamis, bird flu virus, swine flu, plus the first ever real global downturn. Through all this the industry has really proven to be effective, resilient and also dynamic, acquiring new tips on how to deal with hardship. There are continually fresh difficulties and the opportunity to which the field must again adapt and answer.
I was studying some of your blog posts on this website
and I believe this web site is very informative! Keep on putting up.Raise blog range
Excellent site. A lot of useful info here. I抦 sending it to some friends ans also sharing in delicious. And naturally, thanks for your sweat!
Magnificent goods from you, man. I’ve understand your stuff previous to and you’re just too great. I really like what you have acquired here, really like what you’re saying and the way in which you say it. You make it enjoyable and you still care for to keep it sensible. I can’t wait to read much more from you. This is actually a tremendous site.
I would like to add that when you do not already have got an insurance policy or you do not participate in any group insurance, you could well really benefit from seeking the help of a health agent. Self-employed or those that have medical conditions usually seek the help of one health insurance specialist. Thanks for your blog post.
Pretty nice post. I simply stumbled upon your blog and wanted to mention that I have really loved surfing around your blog posts. After all I抣l be subscribing for your feed and I’m hoping you write once more very soon!