It solves my concern,
On Thu, Feb 14, 2013 at 7:21 PM, Simo Sorce <s...@redhat.com> wrote:
> On Thu, 2013-02-14 at 12:50 +0530, Rajnesh Kumar Siwal wrote:
>> IPA is going to be very critical Server for any environment.
>> Do we have proper logging of who as locked whom, Who has created a
>> sudo policy, who has allowed access to whom etc ?
> You can see this information by querying LDAP directly.
> The 'creatorsName' attribute holds the identity of the user that created
> the object.
> The 'createTimestamp' attribute holds the time at which the object was
> The 'modifiersName' attribute holds the identity of the user that last
> modified the object.
> The 'modifyTimestamp' attribute holds the time at which the object was
> All these attributes are operational, so you normally do not see them
> unless you explicitly ask for them during an ldap search. Some LDAP
> browsers allow you to add a list of attributes to ask for explicitly.
> To see these attributes for a user named foo for example you can run
> this query: "ldapsearch -Y GSSAPI uid=foo creatorsName createTimestamp
> modifiersName modifyTimestamp"
> add a '*' at the end if you also want to fetch regular attributes.
> This command assumes you have kerberos credentials (-Y GSSAPI tells
> ldapsearch to use them to auth to the server).
> Simo Sorce * Red Hat, Inc * New York
Rajnesh Kumar Siwal
Freeipa-users mailing list