If you need to make an audit on an installed OpenLDAP on windows you will need some stuff:

We installed the version downloadable on userbooster, don’t forget that to login you will need to use « cn=Manager,dc=maxcrc,dc=com » / « secret ».

In order to activate the logs you now need to edit C:/openldap/slapd.conf with:

logLevel -1

And then restart OpenLDAP using this process:

navigate to the directory c:\openldap\var\run and delete any files in this directory (slapd.args and slapd.pid). The server should now restart. Failing this look at the log file

After that you will see a lot of content in your C:/openldap/openldap.log

Now it’s time to enable monitoring, so we add the follogin lines in our slapd.conf

database monitor

access to *

by dn.exact= »cn=Manager,dc=maxcrc,dc=com » write

     by * none

(and restart OpenLDAP).

Now you can get the monitoring datas using

ldapsearch  -D « cn=Manager,dc=maxcrc,dc=com » -w secret –

b cn=monitor  objectclass=*  +  >trace.txt

You can also use a tool to read monitoring data like the amazing  CN=monitor tool

 

Christophe Desclaux
Les derniers articles par Christophe Desclaux (tout voir)