LDAP activity logging

LDAP activity logging tracks information about every LDAP request. Because each type of LDAP request has a different structure, Domino® generates a different activity logging record for each type.

This table shows the types of LDAP requests and some of the information that Domino® logs for each type of request. Domino® does not generate Checkpoint records for LDAP requests.

Table 1. Information logged for requests by type

| Request type | Information logged |
| --- | --- |
| Abandon | Organization name, user name, server name, client IP address, the message ID of the command to abandon, the LDAP result code, and any error messages returned to the client |
| Add | Organization name, user name, server name, client IP address, the distinguished name of the object to be added, the attributes that are added and their new values, the names of the directories to which the entry was added, the number of entries added, the number of bytes sent to the server, the LDAP result code, and any error messages returned to the client |
| Bind | Organization name, user name, server name, client IP address, LDAP version, the name the client is using to bind, the authentication method, the LDAP result code, and any error messages returned to the client |
| Compare | Organization name, user name, server name, client IP address, the distinguished name of the object that was compared, the attribute and value portions of the attribute value assertion, names of the directories searched, the number of bytes sent to the server in the query, the LDAP result code, and any error messages returned to the client |
| Delete | Organization name, user name, server name, client IP address, the distinguished name of the object that was deleted, names of directories from which the object was deleted, the number of entries deleted, the number of bytes sent to the server, the LDAP result code, and any error messages returned to the client |
| Extended | Organization name, user name, server name, client IP address, the name of the extended command, the LDAP result code, and any error messages returned to the client |
| Modify | Organization name, user name, server name, client IP address, the distinguished name of the entry to be modified, the operations to be performed on the entry (add, delete, replace), the attributes that are modified and their new values, the names of the directories in which the entry was modified, the number of entries modified, the number of bytes sent to the server, the LDAP result code, and any error messages returned to the client |
| ModifyDN | Organization name, user name, server name, client IP address, the directory entry that is modified, the new Relative Distinguished Name (RDN®), whether the old RDN® was deleted, the new parent entry, the names of the directories in which the entry was modified, the number of entries modified, the number of bytes sent to the server, the LDAP result code, and any error messages returned to the client |
| Search | Organization name, user name, server name, client IP address, the base object, the scope of the search, deref aliases, the maximum number of entries the client requests, the time limit a client requests for a session, the types of information to include in a record (field names only or field names and values), filters, the attributes that you want displayed for each entry, the amount of time the search took, the names of the directories searched, the number of entries and the number of bytes sent to the client, the LDAP result code, and any error messages returned to the client |
| Unbind | Organization name, user name, server name, client IP address, the LDAP result code, and any error messages returned to the client |

You can customize the LDAP service configuration to limit the amount of data collected in the Values fields in Add and Modify records.
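
The Bind and Search fields in Table 1 (client IP address, bind name, LDAP result code, number of entries sent) are enough to flag two common patterns: one client failing binds against many different names, and one client pulling a large share of the directory. The following Python is an added example, not part of the Domino documentation; it assumes the activity records have already been exported to dictionaries, and the key names and sample records are hypothetical and constructed for illustration.

```python
from collections import defaultdict

INVALID_CREDENTIALS = 49  # LDAP resultCode invalidCredentials (RFC 4511)

# Constructed sample records. The key names are hypothetical stand-ins for the
# Table 1 fields; they are not Domino's real activity-log item names.
SAMPLE = [
    {"type": "Bind", "client_ip": "192.0.2.10", "bind_name": "cn=alice,o=example", "result": 49},
    {"type": "Bind", "client_ip": "192.0.2.10", "bind_name": "cn=bob,o=example", "result": 49},
    {"type": "Bind", "client_ip": "192.0.2.10", "bind_name": "CN=Bob,O=Example", "result": 49},
    {"type": "Bind", "client_ip": "192.0.2.10", "bind_name": "cn=carol,o=example", "result": 49},
    {"type": "Bind", "client_ip": "192.0.2.20", "bind_name": "cn=svc,o=example", "result": 49},
    {"type": "Bind", "client_ip": "192.0.2.20", "bind_name": "cn=svc,o=example", "result": 49},
    {"type": "Bind", "client_ip": "192.0.2.20", "bind_name": "cn=svc,o=example", "result": 49},
    {"type": "Search", "client_ip": "192.0.2.30", "entries_sent": 400, "result": 4},
    {"type": "Search", "client_ip": "192.0.2.30", "entries_sent": 400, "result": 4},
    {"type": "Search", "client_ip": "192.0.2.40", "entries_sent": 1, "result": 0},
]


def triage(records, min_names=3, max_entries=500):
    """Return sorted (client_ip, reason, count) findings from activity records."""
    failed_names = defaultdict(set)  # client IP -> distinct bind names that failed
    entries_sent = defaultdict(int)  # client IP -> total entries returned by searches
    for rec in records:
        ip = rec.get("client_ip", "unknown")
        if rec.get("type") == "Bind" and rec.get("result") == INVALID_CREDENTIALS:
            # Distinct names, not raw failures: one stale service password
            # (192.0.2.20) repeats a single name and should not be flagged.
            # Lower-casing is a crude DN normalisation, enough for grouping.
            failed_names[ip].add(rec.get("bind_name", "").lower())
        elif rec.get("type") == "Search":
            # Counted whatever the result code: a search that ends with
            # sizeLimitExceeded (4) has still returned entries to the client.
            entries_sent[ip] += int(rec.get("entries_sent", 0))
    findings = [(ip, "many-names-failed-bind", len(names))
                for ip, names in failed_names.items() if len(names) >= min_names]
    findings += [(ip, "bulk-search", total)
                 for ip, total in entries_sent.items() if total >= max_entries]
    return sorted(findings)


if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

The thresholds are placeholders; set them from a baseline of what legitimate LDAP clients in the environment normally do.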