...
| Log Line | Symptom | Status | ||
|---|---|---|---|---|
| No Roles retrieved from database | Something has gone seriously wrong. Open-AudIT cannot read the 'roles' table. | error | ||
| No Orgs retrieved from database. | Something has gone seriously wrong. Open-AudIT cannot read the 'orgs' table. | error | ||
| $x LDAP servers retrieved from database. | Where $x is a number. This many LDAP entries are in the DB and have been retrieved. | debug | ||
| An invalid LDAP server type was supplied $ldap->type skipping. | The LDAP server type is invalid. It should be either 'active directory' or 'openldap'. | error | ||
| An invalid LDAP version was supplied $ldap->version, skipping. | Usually should be set to 3. | error | ||
| LDAP connect failed for LDAP server at $ip. Check your host, port and secure settings. Attempted to use $ldap_connect_string | The LDAP server could not be connected to. At all. Check it's pingable from the Open-AudIT server. Check the correct port is open to the Open-AudIT server. An nmap from the Open-AudIT server will show this. Substitute your LDAP servers IP for $ip and it's port (usually 389) for $port. Try:
| notice | ||
| LDAP server could not be reached at $ldap->host, skipping. | See above. | notice | ||
| Invalid user supplied credentials for LDAP server at $ldap->host, skipping. | The credentials supplied by the user have failed. | info | ||
| Could not bind to LDAP server at $ldap->host, skipping. | Some other error has occurred when attempting to bind to the LDAP server. It is contactable (ie, the 'connect' above has worked), but for some other reason, binding has not occurred. Check the logs on the LDAP server. | info | ||
| Successful bind using credentials for LDAP server at $ldap->host | The LDAP server was connected to and the user credentials accepted for bind. | debug | ||
| Invalid DN supplied credentials for LDAP server at $ldap->host, skipping | The administrator supplied credentials to bind to the LDAP server, but they have not been accepted by the LDAP sevrer. Double check the credentials work on the LDAP server, and then check (or reset them) in the Open-AudIT LDAP Server entry. | info | ||
| Bound to LDAP using supplied dn details: $ldap->dn_account | The administrator supplied credentials that were successfully used to bind to LDAP. | debug | ||
| User $username in LDAP $ldap->name but not in Open-AudIT and not using LDAP for roles. Trying next LDAP Server. | The user that was specified exists in LDAP, but Open-AudIT is not configured to consume the LDAP groups for roles and that user does not exist within Open-AudIT. Either select "Use LDAP for Roles" on the Open-AudIT LDAP Server screen or create this user within Open-AudIT and assign roles and orgs. | info | ||
| LDAP search successful for user $username at $ldap->host | LDAP was searched for this user and their account was found. | debug | ||
| LDAP entries retrieval successful for user $username at $ldap->host | The users details were retrieved from LDAP. | debug | ||
| LDAP entries retrieval failed for user $username at $ldap->host | The users details were not retrieved from LDAP. Check the LDAP server logs. | info | ||
| LDAP search failed for user $username at $ldap->host | LDAP was searched for this user and their account was not found. Check the LDAP server logs. The user credentials have worked, but the user wasn't found. Also check you have specified the correct Base DN attribute when you created the LDAP Server in Open-AudIT. | info | ||
| Checking AD group membership for $user->name | Information only. | debug | ||
| User $username is a member of LDAP group for Role $role->ad_group | The user is in the LDAP group that matches this Role. | debug | ||
| No AD group associated with role $role->name, skipping. | This Role has no AD group specified. Check the roles details within Open-AudIT. Roles | debug | ||
| User $username is a member of LDAP group for Org $org->ad_group | The user is in the LDAP group that matches this Org. | debug | ||
| No AD group associated with org $org->name, skipping. | This Org has no AD group specified. Check the roles details within Open-AudIT. Orgs | debug | ||
| LDAP search for role $role->ad_group succeeded, $username is in group. | The user is in the LDAP group that matches this Role. | debug | ||
| LDAP search for role $role->ad_group succeeded, $username is NOT in group. | The user is not in the LDAP group that matches this Role. | debug | ||
| LDAP search failed for groups (roles) $user->name at $ldap->host | The search for group on the LDAP server failed. Check the LDAP server logs. Have you created these groups (for roles and orgs) on the LDAP server and assigned LDAP users to them? | debug | ||
| LDAP search for org $org->ad_group succeeded, $username is in group. | The user is in the LDAP group that matches this Org. | debug | ||
| LDAP search for org $org->ad_group succeeded, $username is NOT in group. | The user is not in the LDAP group that matches this Org. | debug | ||
| LDAP search failed for groups (orgs) $user->name at $ldap->host | The search for group on the LDAP server failed. Check the LDAP server logs. Have you created these groups (for roles and orgs) on the LDAP server and assigned LDAP users to them? | debug | ||
| No AD group associated with org $org->name, skipping. | This Org has no AD group specified. Check the roles details within Open-AudIT. Have you created these groups (for orgs) on the LDAP server and assigned LDAP users to them? | debug | ||
| New user $username logged on (AD account) | A new user logged in to Open-AudIT and was authenticated and authorized by the LDAP sever. That user was then created in Open-AudIT and logged in. Success. | notice | ||
| Existing user $username logged on (AD account). | An existing Open-AudIT user was authenticated and authorized by the LDAP server. Success. | debug | ||
| User $username exists in LDAP $ldap->name and attempted to logon, but does not belong to any OA groups for Roles or Organisations. | The user is in LDAP and their credentials are valid, but is not in any of the required Open-AudIT LDAP groups. | info | ||
| User $username exists in LDAP $ldap->name and attempted to logon, but does not belong to any OA groups for Organisations. | The user is in LDAP and their credentials are valid, but is not in any of the Open-AudIT LDAP groups for Orgs. | info | ||
| User $username exists in LDAP $ldap->name and attempted to logon, but does not belong to any OA groups for Roles. | The user is in LDAP and their credentials are valid, but is not in any of the Open-AudIT LDAP groups for Roles. | info |
...