Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
LDAP change log entries z/OS Security Server RACF Security Administrator's Guide SA23-2289-00 |
|
The LDAP change log entry contains information such as the change initiator, the affected user, group, or general resource, the type of update (add, modify, or delete), and the time and date of the change. It does not contain a list of the RACF® profile fields that were changed nor does it contain the new values for these fields. In the case of a change to the standard or conditional access list of a general resource, the changes attribute of the change log entry indicates that a general resource profile was added, modified or deleted. The changes attribute does not identify the user or group permission that was added, modified, or removed. In the case of a password or password phrase change, the changes attribute
of the change log entry identifies the password or password phrase
field as the changed field. The changes attribute
does not contain the actual password or password phrase value
but contains one of the following values:
Example 1: An administrator issues the following command
for a revoked user who is eligible for both password and password
phrase enveloping.
If
successful, this command causes three entries to be created
to log the user profile changes.
If
successful, this command causes two entries to be created to
log the user profile changes.
If
successful, this command causes one entry to be created to
log the user profile changes. This entry contains information about
the change in the user's name and removal of the password phrase.For more information about the LDAP change log, see "Change logging" in z/OS IBM Tivoli Directory Server Administration and Use for z/OS. |
Copyright IBM Corporation 1990, 2014
|