Sun Java System Directory Server Enterprise Edition 6.3 Developer's Guide

Logging the Authentication Method

The following example logs the bind authentication method. Refer to install-path/examples/testpreop.c for complete example code.


Example 6–2 Logging the Authentication Method (testpreop.c)

#include "slapi-plugin.h"

int
testpreop_bind(Slapi_PBlock * pb)
{
    char * auth;                       /* Authentication type     */
    char * dn;                         /* Target DN               */
    int    method;                     /* Authentication method   */
    int    connId, opId, rc = 0;
    long   msgId;

    /* Get target DN for bind and authentication method used.     */
    rc |= slapi_pblock_get(pb, SLAPI_BIND_TARGET,     &dn);
    rc |= slapi_pblock_get(pb, SLAPI_BIND_METHOD,     &method);
    rc |= slapi_pblock_get(pb, SLAPI_OPERATION_MSGID, &msgId);
    rc |= slapi_pblock_get(pb, SLAPI_CONN_ID,         &connId);
    rc |= slapi_pblock_get(pb, SLAPI_OPERATION_ID,    &opId);
    if (rc == 0) {
        switch (method) {
            case LDAP_AUTH_NONE:   auth = "No authentication";
                break;
            case LDAP_AUTH_SIMPLE: auth = "Simple authentication";
                break;
            case LDAP_AUTH_SASL:   auth = "SASL authentication";
                break;
            default: auth = "Unknown authentication method";
                break;
        }
    } else {
        return (rc);
    }

    /* Log target DN and authentication method info.              */
    slapi_log_info_ex(
        SLAPI_LOG_INFO_AREA_PLUGIN,
        SLAPI_LOG_INFO_LEVEL_DEFAULT,
        msgId,
        connId,
        opId,
        "testpreop_bind in test-preop plug-in",
        "Target DN: %s\tAuthentication method: %s\n", dn, auth
    );
    return (rc);
}

This plug-in function sets the auth message based on the authentication method. The function does nothing to affect the way Directory Server processes the bind.
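The DN that testpreop_bind() logs comes from the client's bind request and is written before the bind is authenticated, so a defensive variation escapes it before logging. The following C helper is an added example, not part of testpreop.c or the plug-in API; log_safe_dn is a hypothetical name, and the NULL-DN and embedded-control-character cases are assumptions about what a pre-operation function may receive.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * log_safe_dn (hypothetical helper, not a slapi-plugin.h function):
 * copy a client-supplied bind DN into out, writing control bytes and
 * backslashes as \xx hex so the value cannot start a new line or add
 * a tab-separated field in the errors log. Bytes >= 0x80 (UTF-8) are
 * kept. Output is always NUL-terminated and truncated to fit outlen.
 */
char *
log_safe_dn(const char *dn, char *out, size_t outlen)
{
    static const char hex[] = "0123456789abcdef";
    const unsigned char *p;
    size_t o = 0;

    if (out == NULL || outlen == 0)
        return out;
    if (dn == NULL)             /* assumption: a missing DN is still logged */
        dn = "(no DN)";
    for (p = (const unsigned char *)dn; *p != '\0'; p++) {
        if (*p < 0x20 || *p == 0x7f || *p == '\\') {
            if (o + 3 >= outlen)        /* need 3 bytes plus the NUL */
                break;
            out[o++] = '\\';
            out[o++] = hex[*p >> 4];
            out[o++] = hex[*p & 0x0f];
        } else {
            if (o + 1 >= outlen)        /* need 1 byte plus the NUL */
                break;
            out[o++] = (char)*p;
        }
    }
    out[o] = '\0';
    return out;
}

int
main(void)
{
    /* Constructed sample: a bind DN carrying a newline and a tab. */
    const char *dn = "uid=x\nsecond line\tfield";
    char buf[256];

    printf("Target DN: %s\tAuthentication method: %s\n",
           log_safe_dn(dn, buf, sizeof(buf)), "Simple authentication");
    return 0;
}
```

In the plug-in, pass log_safe_dn(dn, buf, sizeof(buf)) in place of dn in the slapi_log_info_ex() call.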

To Register the Plug-In

If you have not already done so, build the example plug-in library and activate both plug-in informational logging and the example plug-in.

  1. Build the plug-in.

    Hint: Use install-path/examples/Makefile or install-path/examples/Makefile64.

  2. Configure Directory Server to log plug-in informational messages and load the plug-in.

    Hint: Use the commands specified in the comments at the outset of the plug-in source file.

  3. Restart Directory Server.


    $ dsadm restart instance-path
    

To Generate a Bind Log Message

  1. Bind as Kirsten Vaughan (for example).


    $ ldapsearch -h localhost -p 1389 -b "dc=example,dc=com" \
     -D "uid=kvaughan,ou=people,dc=example,dc=com" -w bribery "(uid=*)"

  2. Search instance-path/logs/errors for the resulting message from the testpreop_bind() function.

    If you ignore housekeeping information for the entry, output similar to this appears:


    Target DN: uid=kvaughan,ou=people,dc=example,dc=com
    Authentication method: Simple authentication

    For a discussion of less trivial pre-bind plug-in functions, refer to Chapter 7, Handling Authentication Using Plug-Ins.