LDAP Auth. and User logging on ACNS5.x

mbaschieri · ‎11-03-2003

This topic is out of my experience, unfortunately the docs I've read about was not clear to me.

Using LDAP auth. on a CE with acns5.x can I have user activity logged with username instead of ip address of the user in the output?

Tnx,

Max.

sbilgi · ‎11-07-2003

You can find some information here:

http://www.cisco.com/en/US/products/sw/conntsw/ps491/index.html

Bryan.Carter · ‎11-07-2003

Try looking at the transaction-logs format "extended-squid" command. This will give you the userid in the log files. There are several other ways, but this seemed to be the simplest for us.

Good luck!

Bryan

mbaschieri · ‎11-08-2003

Tnx Brian,

I'm referring to the following statements in the Acns5.1 manual:

"After a user has been authenticated through LDAP, all transaction logs generated by the Content Engine for that user contain user information. If the Content Engine is acting in proxy mode, the user ID is included in the transaction logs. If the Content Engine is acting in transparent mode, the user IP address is included instead."

and

"The Extended Squid format logs the associated username for each record in the log file in addition to the fields logged by the Squid-style format, and is used for billing purposes. In this format the Rfc931 field associated with the Squid format (Table 16-4) is used to log the authorized user. This field always contains a "-" (dash) if no user information is available."

Now, I sure need to use tranparent caching and I'd like to use ldap auth. too, but following the manual it seems that I'm not going to have userid logging this way.

Since it seems pretty silly that I've got username logging using ntlm auth. but not with ldap one, I was wondering about an error in the manual.

Upon your experience, is my guess any right or (badly) is the manual to be the right one?

Thanks,

Max.