PingDirectory

Configuring an Admin Alert Access Log publisher

Before configuring an Admin Alert Access Log, you must establish an administrative alert handler in your system.

Steps

  1. To create a criteria object for the Admin Alert Access Log, use dsconfig.

    If you are using the dsconfig tool in interactive mode, the menu items for the criteria operations are located in the Standard objects menu.

    Example:

    For this example, we want to log only write operations that target user entries. The following command matches any of the specified operations whose target entry matches the filter (objectClass=person).

    $ bin/dsconfig create-request-criteria --type simple \
      --criteria-name “User Updates” \
      --set operation-type:add \
      --set operation-type:delete \
      --set operation-type:modify \
      --set operation-type:modify-dn \
      --set “any-included-target-entry-filter:(objectClass=person)”
  2. To create a log publisher of type admin-alert-access, use dsconfig.

    Example:

    $ bin/dsconfig create-log-publisher \
      --publisher-name ”User Updates Admin Alert Access Log” \
      --type admin-alert-access \
      --set “request-criteria:User Updates” \
      --set include-request-details-in-result-messages:true \
      --set enabled:true