Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 8): Bug 1777088
```text Description of problem:
Provide a timestamp of when each host last contacted IPA. This can probably be done leveraging SSSD' behavior as it uses the host principal once in a while so ipa-kdc could log that.
Metadata Update from @fcami: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1777088
As of now the information is only available from 389-DS access log. The DN of a successful bind with GSSAPI is encoded as RESULT entry with err=0 and tag=97. The result line contains the full bind DN.
RESULT
err=0
tag=97
[29/Nov/2019:11:26:52.111345585 +0100] conn=46 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI [29/Nov/2019:11:26:52.120406765 +0100] conn=46 op=1 RESULT err=14 tag=97 nentries=0 etime=0.009121209, SASL bind in progress [29/Nov/2019:11:26:52.120501214 +0100] conn=46 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI [29/Nov/2019:11:26:52.121421096 +0100] conn=46 op=2 RESULT err=14 tag=97 nentries=0 etime=0.000978548, SASL bind in progress [29/Nov/2019:11:26:52.121610430 +0100] conn=46 op=3 BIND dn="" method=sasl version=3 mech=GSSAPI [29/Nov/2019:11:26:52.122045705 +0100] conn=46 op=3 RESULT err=0 tag=97 nentries=0 etime=0.000476560 dn="fqdn=ipaserver.ipa.example,cn=computers,cn=accounts,dc=ipa,dc=example"
Login to comment on this ticket.