Sun Directory Server Enterprise Edition 7.0 Developer's Guide

Logging the Authentication Method

The following example logs the bind authentication method. Refer to install-path/examples/testpreop.c for complete example code.

Example 5–2 Logging the Authentication Method (testpreop.c)

#include "slapi-plugin.h"

int
testpreop_bind(Slapi_PBlock * pb)
{
    char * auth;                       /* Authentication type     */
    char * dn;                         /* Target DN               */
    int    method;                     /* Authentication method   */
    int    connId, opId, rc = 0;
    long   msgId;

    /* Get target DN for bind and authentication method used.     */
    rc |= slapi_pblock_get(pb, SLAPI_BIND_TARGET,     &dn);
    rc |= slapi_pblock_get(pb, SLAPI_BIND_METHOD,     &method);
    rc |= slapi_pblock_get(pb, SLAPI_OPERATION_MSGID, &msgId);
    rc |= slapi_pblock_get(pb, SLAPI_CONN_ID,         &connId);
    rc |= slapi_pblock_get(pb, SLAPI_OPERATION_ID,    &opId);
    if (rc == 0) {
        /* Map the bind method to a readable string.              */
        switch (method) {
            case LDAP_AUTH_NONE:   auth = "No authentication";
                break;
            case LDAP_AUTH_SIMPLE: auth = "Simple authentication";
                break;
            case LDAP_AUTH_SASL:   auth = "SASL authentication";
                break;
            default: auth = "Unknown authentication method";
                break;
        }
    } else {
        return (rc);
    }

    /* Log target DN and authentication method info.              */
    slapi_log_info_ex(
        SLAPI_LOG_INFO_AREA_PLUGIN,
        SLAPI_LOG_INFO_LEVEL_DEFAULT,
        msgId,
        connId,
        opId,
        "testpreop_bind in test-preop plug-in",
        "Target DN: %s\tAuthentication method: %s\n", dn, auth
    );
    return (rc);
}

This plug-in function sets the auth message based on the authentication method. The function does nothing to affect the way Directory Server processes the bind.

To Register the Plug-In

If you have not already done so, build the example plug-in library and activate both plug-in informational logging and the example plug-in.

  1. Build the plug-in.

    Hint: Use install-path/examples/Makefile or install-path/examples/Makefile64.

  2. Configure Directory Server to log plug-in informational messages and load the plug-in.

    $ dsconf create-plugin -F custom-plugin-init-function -G custom-plugin-argument -H lib-path \
     -Y custom-plugin-type "Custom Plugin"
    $ dsconf enable-plugin "Custom Plugin"

    Hint: For more information, use the commands specified in the plug-in source file.

  3. Restart Directory Server.

    $ dsadm restart instance-path

To Generate a Bind Log Message

  1. Bind as Kirsten Vaughan (for example).

    $ ldapsearch -h localhost -p 1389 -b "dc=example,dc=com" \
     -D "uid=kvaughan,ou=people,dc=example,dc=com" -w bribery "(uid=*)"

  2. Search instance-path/logs/errors for the resulting message from the testpreop_bind() function.

    If you ignore housekeeping information for the entry, output similar to this appears:

    Target DN: uid=kvaughan,ou=people,dc=example,dc=com
    Authentication method: Simple authentication

    For a discussion of less trivial pre-bind plug-in functions, refer to Chapter 6, Handling Authentication Using Plug-Ins.
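
Once the plug-in is logging binds, the errors log can be summarized by authentication method and target DN, which makes simple and unauthenticated binds easy to review. The following script is an added example, not part of the guide or the shipped examples; the function names and the sample log lines (including the housekeeping prefix layout) are constructed assumptions, and only the "Target DN ... Authentication method" message format is taken from testpreop_bind().

```sh
#!/bin/sh
# Added example: tally (method, DN) pairs from testpreop_bind() messages.
# Reads the named errors log, or stdin when no file is given.
bind_method_summary() {
    awk '
    # Only lines carrying the message format used by testpreop_bind().
    /Target DN: .*Authentication method: / {
        line = $0
        sub(/^.*Target DN: /, "", line)      # drop housekeeping prefix
        label = "Authentication method: "
        n = index(line, label)
        dn = substr(line, 1, n - 1)
        sub(/[ \t]+$/, "", dn)               # strip the separating tab
        method = substr(line, n + length(label))
        sub(/[ \t\r]+$/, "", method)
        if (dn == "") dn = "(empty DN)"      # bind with no target DN
        count[method "\t" dn]++
    }
    END { for (k in count) printf "%d\t%s\n", count[k], k }
    ' "$@" | LC_ALL=C sort -t "$(printf '\t')" -k2,2 -k3,3
}

# Constructed sample input. The housekeeping prefix is an assumed layout;
# only the "Target DN ... Authentication method" part comes from the page.
sample_log() {
    p='[01/Jan/2010:10:00:00 +0000] - INFORMATION - conn=1 op=0 msgId=1 - '
    printf '%sTarget DN: %s\tAuthentication method: %s\n' \
        "$p" 'uid=kvaughan,ou=people,dc=example,dc=com' 'Simple authentication' \
        "$p" 'uid=kvaughan,ou=people,dc=example,dc=com' 'Simple authentication' \
        "$p" '' 'No authentication' \
        "$p" 'uid=sample-svc,ou=people,dc=example,dc=com' 'SASL authentication'
    printf '%s\n' '[01/Jan/2010:10:00:05 +0000] - unrelated entry, ignored'
}

# Output columns: count, authentication method, target DN (tab-separated).
sample_log | bind_method_summary
```

Against a live instance, pass the log file instead of the sample: bind_method_summary instance-path/logs/errors.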