OVD access_log: Who is connecting to my OVD instance?

How do you know who is connecting to your OVD instance, and with what user ID (DN)?

I was troubleshooting a client connection issue where an application was unable to authenticate via OVD. The first step is to identify whether client requests are reaching the OVD server and on which port (by default OVD listens on 7501 for SSL/LDAP and 6501 for non-SSL/LDAP).

All clients connecting to the OVD server should be recorded in the OVD access_log file, which is under $ORACLE_INSTANCE/diagnostics/logs/OVD/[ovd1]/, i.e.

$ORACLE_INSTANCE/diagnostics/logs/OVD/[ovd1]/access_log 

 

Note: By default, access_log in OVD 11g is blank and is not updated, because the logger com.octetstring.accesslog is set to WARNING.

To list the clients accessing OVD and the action requested (LDAPBIND, LDAPSEARCH, LDAPADD, etc.) in access_log:

1. Change Logger com.octetstring.accesslog to NOTIFICATION1:INFO (using Fusion Middleware Control /em)

2. Restart OVD server (opmnctl stopall; opmnctl startall)

Note: Oracle acquired OctetString in 2005 and renamed OctetString's Virtual Directory Engine to Oracle Virtual Directory (OVD).

 

 

Sample access_log from OVD

________

[2013-08-12T10:43:51.180+00:00] [octetstring] [NOTIFICATION] [] [com.octetstring.accesslog] [tid: 13] [ecid: 0000K1r83M76aMW_Lxo2ye1I2WGa000000,0] conn=10 fd=0 slot=0 connection from 192.168.1.1:64883 to 192.168.1.21:7501 port 7501

[2013-08-12T10:44:01.553+00:00] [octetstring] [NOTIFICATION] [OVD-20038] [com.octetstring.accesslog] [tid: 14] [ecid: 0000K1rHbUB6aMW_Lxo2ye1I2WGa000002,0] conn=10 op=0 BIND dn=cn=orcladmin method=0 version=3

_______

Note: Here 192.168.1.1 is the IP address of the client, 192.168.1.21 is the IP address of OVD (7501 is the OVD port), and the request is an LDAP BIND using the DN cn=orcladmin.
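To answer the title question across a whole log rather than by eye, this added example (not part of the original post) joins each BIND entry to the connection entry carrying the same conn= value. The first two sample lines are the post's own; the other lines, the function names and the "unknown" fallback for a BIND whose connection entry is missing are assumptions of the example.

```python
import re
from collections import Counter

# Default listeners as stated in the post.
LISTENERS = {7501: "SSL", 6501: "non-SSL"}
# Header for the constructed lines, modeled on the post's two entries.
HDR = "[octetstring] [NOTIFICATION] [%s] [com.octetstring.accesslog] [tid: 15] [ecid: CONSTRUCTED,0] "
SAMPLE_LOG = [
    # Entries 1-2: the sample from the post. Entries 3-6: constructed.
    "[2013-08-12T10:43:51.180+00:00] [octetstring] [NOTIFICATION] [] [com.octetstring.accesslog] [tid: 13] [ecid: 0000K1r83M76aMW_Lxo2ye1I2WGa000000,0] conn=10 fd=0 slot=0 connection from 192.168.1.1:64883 to 192.168.1.21:7501 port 7501",
    "[2013-08-12T10:44:01.553+00:00] [octetstring] [NOTIFICATION] [OVD-20038] [com.octetstring.accesslog] [tid: 14] [ecid: 0000K1rHbUB6aMW_Lxo2ye1I2WGa000002,0] conn=10 op=0 BIND dn=cn=orcladmin method=0 version=3",
    "[2013-08-12T10:45:10.000+00:00] " + HDR % "" + "conn=11 fd=0 slot=1 connection from 192.168.1.5:51022 to 192.168.1.21:6501 port 6501",
    "[2013-08-12T10:45:10.120+00:00] " + HDR % "OVD-20038" + "conn=11 op=0 BIND dn=cn=app user,cn=users,dc=example,dc=com method=0 version=3",
    "[2013-08-12T10:45:12.300+00:00] " + HDR % "OVD-20038" + "conn=11 op=1 BIND dn=cn=app user,cn=users,dc=example,dc=com method=0 version=3",
    "[2013-08-12T10:46:00.000+00:00] " + HDR % "OVD-20038" + "conn=99 op=0 BIND dn=cn=orcladmin method=0 version=3",
]

STAMP = re.compile(r"^\[([^\]]+)\]")
CONNECT = re.compile(r"conn=(\d+) .*connection from (\S+):(\d+) to (\S+):(\d+)")
# Non-greedy DN capture up to " method=" so DNs containing spaces stay intact.
BIND = re.compile(r"conn=(\d+) op=\d+ BIND dn=(.*?) method=(\d+) version=(\d+)")

def bind_events(lines):
    """Yield (timestamp, client_ip, ovd_port, bind_dn) for every BIND entry."""
    clients = {}  # conn id -> (client ip, OVD listener port)
    for line in lines:
        stamp = STAMP.match(line)
        when = stamp.group(1) if stamp else "?"
        m = CONNECT.search(line)
        if m:
            clients[m.group(1)] = (m.group(2), int(m.group(5)))
            continue
        m = BIND.search(line)
        if m:
            # The connection entry may be missing, e.g. the client connected
            # before the logger level was raised.
            ip, port = clients.get(m.group(1), ("unknown", None))
            yield when, ip, port, m.group(2)

def summarize(lines):
    """Count BINDs per (client_ip, ovd_port, bind_dn)."""
    return Counter((ip, port, dn) for _, ip, port, dn in bind_events(lines))

if __name__ == "__main__":
    for (ip, port, dn), n in summarize(SAMPLE_LOG).items():
        print(f"{n:3d}  {ip:15s} {LISTENERS.get(port, '?'):8s} {dn}")
```

To run it against a real file, pass `open(path)` for the access_log path given earlier instead of `SAMPLE_LOG`.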

 

Related 

  • 553331.1 Understanding Entries In Oracle Virtual Directory (OVD) Access.Log

About the Author Masroof Ahmad
