Hi List, I need a nice, clean solution to give access to the LDAP error log and access file to the developers team on our prod LDAP, mentioned they will not be allowed to log in to the actual LDAP host. At present time the devs are using Apache Studio. Thank you for all your input.
Hi,
If your developers are willing to work with logs sent to a syslog server that they have access to, you can do something like this:
vi /etc/rsyslog.conf
Add the following line near the top of the file:
$ModLoad imfile
Add the following lines towards the bottom of the file:
# LDAP Logging
local4.* /var/log/slapd.log

$InputFileName /var/log/dirsrv/slapd-<hostname>/access
$InputFileTag 389ds-access
$InputFileStateFile state-389ds-access
$InputFileSeverity info
$InputFileFacility local4
$InputRunFileMonitor

$InputFileName /var/log/dirsrv/slapd-<hostname>/errors
$InputFileTag 389ds-errors
$InputFileStateFile state-389ds-errors
$InputFileSeverity info
$InputFileFacility local4
$InputRunFileMonitor

$InputFileName /var/log/dirsrv/slapd-<hostname>/audit
$InputFileTag 389ds-audit
$InputFileStateFile state-389ds-audit
$InputFileSeverity info
$InputFileFacility local4
$InputRunFileMonitor
Once this is done, restart the rsyslog service so that the new configuration is running.
Hope this helps you or someone else on the list.
Kevin
On 08/12/2015 12:56 PM, ghiureai wrote:
Hi List, I need a nice, clean solution to give access to the LDAP error log and access file to the developers team on our prod LDAP, mentioned they will not be allowed to log in to the actual LDAP host. At present time the devs are using Apache Studio. Thank you for all your input.
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
You could add an ACL with read-only permissions to those logs by userid or groupid.
Paul M. Whitney
E-mail: paul.whitney@mac.com
Sent from my browser.
Or alternatively, create a sudo role that allows them to use the /bin/less or /bin/more command on the particular logs of interest.
Paul M. Whitney
E-mail: paul.whitney@mac.com
Sent from my browser.
Sorry, the detail of not letting them log in escaped me. So sudo or ACL is not going to work for you. Perhaps a cron job that pulls a copy of the log to the developer-accessible server. Then apply the sudo or ACL on that developer-accessible server.
Paul M. Whitney
E-mail: paul.whitney@mac.com
Cell: 410.493.9448
Sent from my browser.
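
The cron-driven pull suggested above, as an added example that is not part of the original thread or of 389 Directory Server. The source host, instance directory, destination directory, group name and script path are assumed placeholders, and it assumes a service account on the developer-accessible server with key-based scp access to the logs.

```shell
#!/bin/sh
# Added example: runs from cron on the developer-accessible server, e.g.
#   */10 * * * * /usr/local/bin/pull-ldap-logs.sh --run    (hypothetical path)
# Every default below is an assumed placeholder, not a value from the thread.
SOURCE="${SOURCE:-ldap-prod.example.com:/var/log/dirsrv/slapd-INSTANCE}"
DEST_DIR="${DEST_DIR:-/srv/ldap-logs}"   # directory the developers can read
DEV_GROUP="${DEV_GROUP:-ldapdev}"        # developers' group on this server
FETCH="${FETCH:-scp -q -B}"              # batch mode: never prompt under cron

# pull_log NAME: fetch one log into a temp file, make it read-only for the
# developer group, then rename it into place. A failed fetch leaves the
# previous copy untouched and removes the temp file.
pull_log() {
    name=$1
    # Only the two logs the question asks for are published.
    case $name in
        access|errors) ;;
        *) echo "refusing to publish log: $name" >&2; return 2 ;;
    esac
    tmp=$(mktemp "$DEST_DIR/.$name.XXXXXX") || return 1
    if $FETCH "$SOURCE/$name" "$tmp" \
        && chgrp "$DEV_GROUP" "$tmp" \
        && chmod 0440 "$tmp"; then
        mv -f "$tmp" "$DEST_DIR/$name"
    else
        rm -f "$tmp"
        return 1
    fi
}

# pull_all: fetch both logs; non-zero exit if either fetch failed.
pull_all() {
    rc=0
    for name in access errors; do
        pull_log "$name" || rc=1
    done
    return $rc
}

if [ "${1:-}" = "--run" ]; then
    pull_all
fi
```

The temp-file-and-rename step means a developer never reads a half-copied log, and the 0440 mode plus group ownership plays the role of the read-only ACL on the developer-accessible server.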