ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzahy_5.4.0.1/rzahychlpi.htm

65 lines
4.0 KiB
HTML
Raw Permalink Normal View History

2024-04-02 14:02:31 +00:00
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="dc.language" scheme="rfc1766" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<meta name="dc.date" scheme="iso8601" content="2005-09-06" />
<meta name="copyright" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow"/>
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<title>Directory Server (LDAP) - Track access and changes to the LDAP directory</title>
<link rel="stylesheet" type="text/css" href="ibmidwb.css" />
<link rel="stylesheet" type="text/css" href="ic.css" />
</head>
<body>
<a id="Top_Of_Page" name="Top_Of_Page"></a><!-- Java sync-link -->
<script language = "Javascript" src = "../rzahg/synch.js" type="text/javascript"></script>
<a name="rzahychlpi"></a>
<h2 id="rzahychlpi">Track access and changes to the LDAP directory</h2>
<p>You might want to track access and changes to your LDAP directory. You
can use the LDAP directories change log to keep track of changes to the directory.
The change log is located under the special suffix <tt class="xph">cn=changelog</tt>.
It is stored in the QUSRDIRCL library.</p>
<p>To enable the change log, follow these steps:</p>
<ol type="1">
<li>In iSeries Navigator, expand <span class="bold">Network</span>.</li>
<li>Expand <span class="bold">Servers</span>.</li>
<li>Click <span class="bold">TCP/IP</span>.</li>
<li>Right-click <span class="bold">IBM Directory Server</span> and
select <span class="bold">Properties</span>.</li>
<li>Click the <span class="bold">Change Log</span> tab.</li>
<li>Select <span class="bold">Log directory changes</span>.</li>
<li>Optional: In the <span class="bold">Maximum entries</span> field
specify the maximum number of entries for the change log to keep. In the <span class="bold">Maximum age</span> field specify how long change
log entries are retained.
<a name="wq195"></a>
<div class="notetitle" id="wq195">Note:</div>
<div class="notebody">Though these parameters are optional,
you should strongly consider specifying either a maximum number of entries
or maximum age. If you do not specify either, the change log will keep all
entries and might become too large.</div></li></ol>
<p>The <tt class="xph">changeLogEntry</tt> object class is used to represent the changes
applied to the directory server. The set of changes is given by the ordered
set of all entries within the change log container as defined by <tt class="xph">changeNumber</tt>. The change log information is read-only.</p>
<p>Any user who is on the access control list for the <tt class="xph">cn=changelog</tt> suffix
can search the entries in the change log. You should only execute searches
on the change log suffix, <tt class="xph">cn=changelog</tt>. Do not attempt to add,
change, or delete the change log suffix, even if you have authority to do
so. This will cause unpredictable results.</p>
<p><span class="bold">Example:</span></p>
<p>The following example uses the <span class="bold">ldapsearch</span> command
line utility to retrieve all change log entries logged on the server: </p>
<pre class="xmp">ldapsearch -h <var class="pv">ldaphost</var> -D cn=<var class="pv">admininistrator</var> -w <var class="pv">password</var> -b cn=changelog (changetype=*)</pre>
<a id="Bot_Of_Page" name="Bot_Of_Page"></a>
</body>
</html>