OVD access_log : Who is connecting to my OVD instance ?
How do you know who is connecting to your OVD instance and using what userID (DN) ?
Well I was troubleshooting client connection issue, where an application was unable to authenticate via OVD. First step is to identify if client requests are hitting to OVD server or not and on what port (OVD by default listen on SSL/LDAP 7501 and NON-SSL/LDAP 6501).
All the clients connecting OVD server should be recorded in access_log file of OVD which is under $ORACLE_INSTANCE/ diagnostics/ logs/ OVD/ [ovd1]/ i.e.
$ORACLE_INSTANCE/diagnostics/logs/OVD/[ovd1]/access_log
Note: By default access_log in OVD 11g is blank and is not updated as Logger com.octetstring.accesslog is set to WARNING
To list client accessing OVD and action requested (LDAPBIND, LDAPSEARCH, LDAPADD etc) in access_log
1. Change Logger com.octetstring.accesslog to NOTIFICATION1:INFO (using Fusion Middleware Control /em)
2. Restart OVD server (opmnctl stopall; opmnctl startall)
Note: Oracle acquired OctetString in 2005 and renamed OctectString’s Virtual Directory Engine to Oracle Virtual Directory (OVD)
Sample access_log from OVD
________
2013-08-12T10:43:51.180+00:00] [octetstring] [NOTIFICATION] [] [com.octetstring.accesslog] [tid: 13] [ecid: 0000K1r83M76aMW_Lxo2ye1I2WGa000000,0] conn=10 fd=0 slot=0 connection from 192.168.1.1:64883 to 192.168.1.21:7501 port 7501
[2013-08-12T10:44:01.553+00:00] [octetstring] [NOTIFICATION] [OVD-20038] [com.octetstring.accesslog] [tid: 14] [ecid: 0000K1rHbUB6aMW_Lxo2ye1I2WGa000002,0] conn=10 op=0 BIND dn=cn=orcladmin method=0 version=3
_______
Note : Here 192.168.1.1 is IP address of client, 192.168.1.21 is IP address of OVD (7501 is OVD port), and request is LDAP BIND using DN as cn=orcladmin
.
Related
- 553331.1 Understanding Entries In Oracle Virtual Directory (OVD) Access.Log
About the Author Atul Kumar
Oracle ACE, Author, Speaker and Founder of K21 Technologies & K21 Academy : Specialising in Design, Implement, and Trainings.