1

We are looking at building an application that either proxies a standalone LDAP server or delegates to an embedded Java LDAP instance (i.e. ApacheDS, OpenDS) in order to log requests and determine who is accessing which applications on our very large corporate network.

My question is: is there a good way to intercept an LDAP request and "pull it apart", or to have either OpenDS/ApacheDS push notifications of requests coming into LDAP?

benstpierre
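
For the proxy approach the question describes, "pulling apart" a request means decoding the BER-encoded LDAPMessage defined in RFC 4511. The Python below is an added example, not code from the original post or from ApacheDS/OpenDS; `read_tlv`, `describe_request` and the sample bytes are constructed for illustration, and only the fields an access log needs are extracted while credentials are left undecoded.

```python
OPS = {0x60: "BIND", 0x42: "UNBIND", 0x63: "SEARCH", 0x66: "MODIFY",
       0x68: "ADD", 0x4A: "DELETE", 0x6C: "MODDN", 0x6E: "COMPARE",
       0x50: "ABANDON", 0x77: "EXTENDED"}   # protocolOp tags, RFC 4511

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short-form length
        length = first
    else:                                 # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated BER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("BER value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def describe_request(pdu):
    """Return a dict for the access log; credentials are never copied out."""
    tag, body, _ = read_tlv(pdu, 0)
    if tag != 0x30:
        raise ValueError("LDAPMessage must be a SEQUENCE")
    tag, msg_id, pos = read_tlv(body, 0)
    if tag != 0x02:
        raise ValueError("messageID must be an INTEGER")
    op_tag, op, _ = read_tlv(body, pos)
    rec = {"msg_id": int.from_bytes(msg_id, "big"), "op": OPS.get(op_tag, hex(op_tag))}
    try:
        if op_tag == 0x60:                # BindRequest: version, name, authentication
            _, version, p = read_tlv(op, 0)
            _, name, p = read_tlv(op, p)
            auth_tag, _, _ = read_tlv(op, p)
            rec.update(version=version[0], dn=name.decode("utf-8"),
                       auth={0x80: "simple", 0xA3: "sasl"}.get(auth_tag, "unknown"))
        elif op_tag == 0x63:              # SearchRequest: baseObject, scope, ...
            _, base, p = read_tlv(op, 0)
            _, scope, _ = read_tlv(op, p)
            rec.update(base=base.decode("utf-8"), scope=("base", "one", "sub")[scope[0]])
    except (IndexError, UnicodeDecodeError) as exc:
        raise ValueError("malformed LDAP request") from exc
    return rec

# Constructed sample: simple bind as cn=app1,dc=example,dc=com, messageID 1
SAMPLE_BIND = (bytes.fromhex("302702010160220201030419")
               + b"cn=app1,dc=example,dc=com" + bytes.fromhex("80026869"))
```

A proxy would call `describe_request` on each complete PDU read from the client socket, record the result alongside the client address, and forward the original bytes unchanged.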

2 Answers

3

You don't need to do any of that. You can configure LDAP servers to log accesses, either in the LDAP directory itself or elsewhere.

user207421

1

OpenDJ (the actively developed fork of OpenDS, http://opendj.forgerock.org) has support for multiple and customized access logs, so you can even configure some filters for the specific requests you're interested in.

Ludovic Poitou