Thanks, Simo. It solves my concern, On Thu, Feb 14, 2013 at 7:21 PM, Simo Sorce <s...@redhat.com> wrote: > On Thu, 2013-02-14 at 12:50 +0530, Rajnesh Kumar Siwal wrote: >> IPA is going to be very critical Server for any environment. >> Do we have proper logging of who as locked whom, Who has created a >> sudo policy, who has allowed access to whom etc ? > > You can see this information by querying LDAP directly. > > The 'creatorsName' attribute holds the identity of the user that created > the object. > > The 'createTimestamp' attribute holds the time at which the object was > created. > > The 'modifiersName' attribute holds the identity of the user that last > modified the object. > > The 'modifyTimestamp' attribute holds the time at which the object was > modified. > > All these attributes are operational, so you normally do not see them > unless you explicitly ask for them during an ldap search. Some LDAP > browsers allow you to add a list of attributes to ask for explicitly. > > > > To see these attributes for a user named foo for example you can run > this query: "ldapsearch -Y GSSAPI uid=foo creatorsName createTimestamp > modifiersName modifyTimestamp" > > add a '*' at the end if you also want to fetch regular attributes. > This command assumes you have kerberos credentials (-Y GSSAPI tells > ldapsearch to use them to auth to the server). > > Simo. > > -- > Simo Sorce * Red Hat, Inc * New York >
-- Regards, Rajnesh Kumar Siwal _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users