{"id":37139310,"url":"https://github.com/aidan-/ldap-access-parser","last_synced_at":"2026-01-14T16:03:27.968Z","repository":{"id":65141069,"uuid":"44387458","full_name":"aidan-/ldap-access-parser","owner":"aidan-","description":"A simple utility to parse LDAP (389ds, RHDS, Fedora DS, etc) access logs into contextual aware events for analysis","archived":false,"fork":false,"pushed_at":"2016-04-04T10:46:16.000Z","size":9,"stargazers_count":14,"open_issues_count":1,"forks_count":10,"subscribers_count":7,"default_branch":"master","last_synced_at":"2024-06-20T05:03:35.960Z","etag":null,"topics":["access-log","fedorads","ldap","ldap-access-parser","logging","openldap","parse"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/aidan-.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2015-10-16T13:40:07.000Z","updated_at":"2024-03-28T13:27:38.000Z","dependencies_parsed_at":"2023-01-09T13:01:21.163Z","dependency_job_id":null,"html_url":"https://github.com/aidan-/ldap-access-parser","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/aidan-/ldap-access-parser","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aidan-%2Fldap-access-parser","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aidan-%2Fldap-access-parser/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aidan-%2Fldap-access-parser/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aidan-%2Fldap-access-parser/manifests","owner_url":"https://repos.
ecosyste.ms/api/v1/hosts/GitHub/owners/aidan-","download_url":"https://codeload.github.com/aidan-/ldap-access-parser/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aidan-%2Fldap-access-parser/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28425597,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-14T15:24:48.085Z","status":"ssl_error","status_checked_at":"2026-01-14T15:23:41.940Z","response_time":107,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["access-log","fedorads","ldap","ldap-access-parser","logging","openldap","parse"],"created_at":"2026-01-14T16:03:27.440Z","updated_at":"2026-01-14T16:03:27.952Z","avatar_url":"https://github.com/aidan-.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"LDAP Access-log Parser [![Build Status](https://travis-ci.org/aidan-/ldap-access-parser.svg)](https://travis-ci.org/aidan-/ldap-access-parser/)\n======================\nLDAP Access-log Parser (LAP) is a simple program designed to parse 389 Directory Server (also Fedora Directory Server, Red Hat Directory Server, etc) access logs into individual context aware events ready to be sent to upstream services like ElasticSearch for further analysis.\n\nThis application doesn't handle the sending of data to 
specific endpoints, but that can easily be achieved by piping to something like [log-courier](https://github.com/driskell/log-courier) or [logstash](https://www.elastic.co/products/logstash).\n\nUsage\n-----\nUse the `-h` flag to view application usage.\n\n```\nUsage of ./lap:\n  -format string\n    \tformat to output log events.  possible values are 'json' or 'xml'. (default \"json\")\n  -tail\n    \ttail the log file to receive future events\n```\n\nYou can begin parsing logs with a simple command:\n```\n./lap -tail /path/to/access_log\n```\n\nThis will continue to parse the file even if it gets rotated.\n\nDesign\n------\nThe application's functionality and output format try to follow the design specification laid out [here](http://directory.fedoraproject.org/docs/389ds/design/audit-events.html) as much as possible; however, there are a few use cases that were not covered in the design spec and needed to be defined.\n\nMore detailed information about the access log format is available in the [Red Hat Directory Server documentation](https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/8.1/html/Configuration_and_Command_Reference/logs-reference.html).\n\nExample Output\n--------------\nGiven the raw access log input of:\n```\n[21/Apr/2009:11:39:55 -0700] conn=14 fd=700 slot=700 connection from 207.1.153.51 to 192.18.122.139\n[21/Apr/2009:11:39:55 -0700] conn=14 op=0 BIND dn=\"\" method=sasl version=3 mech=DIGEST-MD5\n[21/Apr/2009:11:39:55 -0700] conn=14 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress\n[21/Apr/2009:11:39:55 -0700] conn=14 op=1 BIND dn=\"uid=jdoe,dc=example,dc=com\" method=sasl version=3 mech=DIGEST-MD5\n[21/Apr/2009:11:39:55 -0700] conn=14 op=1 RESULT err=0 tag=97 nentries=0 etime=0 dn=\"uid=jdoe,dc=example,dc=com\"\n```\n\nThe JSON output would look like:\n```json\n{\"time\":\"21/Apr/2009:11:39:55 
-0700\",\"client\":\"207.1.153.51\",\"server\":\"192.18.122.139\",\"connection\":14,\"ssl\":false,\"operation\":0,\"authenticateddn\":\"__anonymous__\",\"action\":\"BIND\",\"requests\":[\"BIND dn=\\\"\\\" method=sasl version=3 mech=DIGEST-MD5\"],\"responses\":[\"RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress\"]}\n{\"time\":\"21/Apr/2009:11:39:55 -0700\",\"client\":\"207.1.153.51\",\"server\":\"192.18.122.139\",\"connection\":14,\"ssl\":false,\"operation\":1,\"authenticateddn\":\"uid=jdoe,dc=example,dc=com\",\"action\":\"BIND\",\"requests\":[\"BIND dn=\\\"uid=jdoe,dc=example,dc=com\\\" method=sasl version=3 mech=DIGEST-MD5\"],\"responses\":[\"RESULT err=0 tag=97 nentries=0 etime=0 dn=\\\"uid=jdoe,dc=example,dc=com\\\"\"]}\n```\n\nand XML output would look like:\n```xml\n\u003cEvent\u003e\n    \u003cDateTime\u003e21/Apr/2009:11:39:55 -0700\u003c/DateTime\u003e\n    \u003cClient\u003e207.1.153.51\u003c/Client\u003e\n    \u003cServer\u003e192.18.122.139\u003c/Server\u003e\n    \u003cConnection\u003e14\u003c/Connection\u003e\n    \u003cSSL\u003efalse\u003c/SSL\u003e\n    \u003cOperation\u003e0\u003c/Operation\u003e\n    \u003cAuthenticatedDN\u003e__anonymous__\u003c/AuthenticatedDN\u003e\n    \u003cAction\u003eBIND\u003c/Action\u003e\n    \u003cRequests\u003e\n        \u003cRequest\u003eBIND dn=\u0026#34;\u0026#34; method=sasl version=3 mech=DIGEST-MD5\u003c/Request\u003e\n    \u003c/Requests\u003e\n    \u003cResponses\u003e\n        \u003cResponse\u003eRESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress\u003c/Response\u003e\n    \u003c/Responses\u003e\n\u003c/Event\u003e\n\u003cEvent\u003e\n    \u003cDateTime\u003e21/Apr/2009:11:39:55 -0700\u003c/DateTime\u003e\n    \u003cClient\u003e207.1.153.51\u003c/Client\u003e\n    \u003cServer\u003e192.18.122.139\u003c/Server\u003e\n    \u003cConnection\u003e14\u003c/Connection\u003e\n    \u003cSSL\u003efalse\u003c/SSL\u003e\n    \u003cOperation\u003e1\u003c/Operation\u003e\n    
\u003cAuthenticatedDN\u003euid=jdoe,dc=example,dc=com\u003c/AuthenticatedDN\u003e\n    \u003cAction\u003eBIND\u003c/Action\u003e\n    \u003cRequests\u003e\n        \u003cRequest\u003eBIND dn=\u0026#34;uid=jdoe,dc=example,dc=com\u0026#34; method=sasl version=3 mech=DIGEST-MD5\u003c/Request\u003e\n    \u003c/Requests\u003e\n    \u003cResponses\u003e\n        \u003cResponse\u003eRESULT err=0 tag=97 nentries=0 etime=0 dn=\u0026#34;uid=jdoe,dc=example,dc=com\u0026#34;\u003c/Response\u003e\n    \u003c/Responses\u003e\n\u003c/Event\u003e\n```\n\nTODO/Notes\n-----\n- If a connection was initialized before the log monitoring began, the events associated with that connection number will be skipped.  This should probably be a configurable option.\n- Connections that disconnect without any operations do not get outputted as an event.  Is this okay?\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faidan-%2Fldap-access-parser","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Faidan-%2Fldap-access-parser","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faidan-%2Fldap-access-parser/lists"}