I haven't looked into ldap much yet, but is it possible for your ldap server to log to syslog when a user is added?
On Tue, Jun 15, 2010 at 2:17 PM, Igor Widlinski <igor.widlin...@eigendev.com> wrote:
> Hey Everyone,
>
> Is there a way to monitor changes done to the LDAP database, i.e. new users, new
> groups added?
>
> I could use ossec to monitor the LDAP database files located in /var/lib/ldap,
> but as they are one big monolith, any change to the db file would trigger an
> alert (i.e. a user changing their password).
>
> Previously we had a program called "osiris" which was great at figuring out
> when new users/groups were added to LDAP (but was bad at everything else).
>
> I wonder if there is a way to do this with ossec? Also thinking to run a
> command like "getent passwd > /etc/password.ldap" and "getent group > /etc/group.ldap"
> and use ossec to check for changes in those files. This might work.
>
> Wonder if anybody else has done this.
>
> Igor W
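The snapshot idea from the quoted message, worked through as an added example that is not from the thread or from OSSEC: dump `getent passwd` / `getent group` to files, then report only entries that appeared since the last snapshot, so a password change (which does not alter getent output) stays quiet while a new user or group is flagged. The snapshot paths and the sample directory contents are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the thread): snapshot "getent passwd"/"getent group"
# and report entries that are new since the previous snapshot. getent output
# carries only a placeholder in the password field, so a password change does
# not touch the file, while a new user or group appears as a new line. The
# snapshot files can additionally be handed to OSSEC syscheck, as proposed.

# Constructed sample data so the script runs offline (replace with real files).
OLD_PASSWD='root:x:0:0:root:/root:/bin/bash
alice:x:10001:10001:Alice:/home/alice:/bin/bash
bob:x:10002:10002:Bob:/home/bob:/bin/bash'
NEW_PASSWD='root:x:0:0:root:/root:/bin/bash
alice:x:10001:10001:Alice:/home/alice:/bin/zsh
bob:x:10002:10002:Bob:/home/bob:/bin/bash
carol:x:10003:10003:Carol:/home/carol:/bin/bash'
OLD_GROUP='users:x:100:alice,bob'
NEW_GROUP='users:x:100:alice,bob,carol
ldapadmins:x:10500:carol'

# Print names present in the new snapshot ($2) but not in the old one ($1).
# Entries are keyed on name and numeric id (fields 1 and 3 of both passwd and
# group lines), so a changed shell, gecos or member list is not reported.
new_entries() {
    printf '%s\n' "$2" | awk -F: -v old="$1" '
        BEGIN {
            n = split(old, lines, "\n")
            for (i = 1; i <= n; i++) {
                split(lines[i], f, ":")
                if (f[1] != "") seen[f[1] ":" f[3]] = 1
            }
        }
        !(($1 ":" $3) in seen) { print $1 }'
}

# Live cycle (assumed paths, from the thread): refresh the snapshot files and
# print new accounts/groups. Suitable for cron or an OSSEC command check.
check_directory() {
    for db in passwd group; do
        snap="/etc/$db.ldap"
        [ -f "$snap" ] || : > "$snap"
        current=$(getent "$db")
        new_entries "$(cat "$snap")" "$current" | sed "s/^/new $db entry: /"
        printf '%s\n' "$current" > "$snap"
    done
}
```

On the first run the snapshot is empty, so every existing entry is reported once; after that only additions show up.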