How to log a specific ldap attribute in access log.


<< Back to Knowledge Search

Solution

Overview

In this example we will log physicalDeliveryOfficeName which exists in standard AD ldap, and place it in the elff format cs-userdn.

you can use any attribute that exists in your ldap server and replace any elff placeholder that you wish.

cport is the name of the log that is being edited.

condition="LDAP_Attribute" checks that the attribute exists.

log.rewrite.cs-userdn[cport]("$(ldap.attribute.ldap_attribute_name=physicalDeliveryOfficeName)")  rewrites the cs-userdn with the arribute.

 

Here is the code you need to place in a cpl layer in the VPM or directly in local policy.

<Proxy>
    condition="LDAP_Attribute" log.rewrite.cs-userdn[cport]("$(ldap.attribute.ldap_attribute_name=physicalDeliveryOfficeName)") log.suppress.cs-userdn[cport](no)

define condition "LDAP_Attribute"
   realm=labone ldap.attribute.physicalDeliveryOfficeName.exists=yes
end

Cause
Resolution
Workaround
Additional Information
Bug Number
InQuira Doc IdFAQ3108
Attachment

Article Feedback

Hide Properties
First Published      10/01/2014
Last Modified      10/01/2014
Last Published      10/01/2014
Article Audience
Product      ProxySG
Software      SGOS 6
Topic      Access Logging
Article Number      000011186
Summary     
Was this helpful?
Comments:
 
Previous MonthNext Month
SunMonTueWedThuFriSat