Is there a good framework or library for auditing LDAP/Security management behavior in Java?
I asked a similar question earlier, and this is an extension to it. Basically, we need to have auditable logs for legal reasons of permission/user management and authentication attempts. Our permissions and users are stored in an LDAP service, and I was wondering what auditing libraries were available for usage? Are there any? Is it better to use an auditing library that is a little higher level? Are there any good resources on what auditing should be and how it is traditionally done?
For me, what you are looking for is particular to each Directory Server, because 'Authentication' is more defined as an interface than a feature, and 'Permissions' are just non-standard.
Authentication is normalized via "simple bind" or "SASL", but the behaviour of the server (log) is not a standard as far as I know.
Permissions, I mean Access Control Lists (ACLs), are a non-standard feature. The way permissions are implemented in Active Directory is different from the way they are implemented in Sun e-Directory (special attributes). For example, in OpenLDAP permissions are implemented in a kind of access filter.
So my advice is to start from your Directory Server and have a look at what exists.
LDAP keeps its own audit logs, at least OpenLDAP does, or can be made to.
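Added example (not part of either answer): one way to turn a directory server's own log into authentication audit records, here for OpenLDAP. It assumes slapd is running with `loglevel stats` and writes connection lines in the shape of the constructed samples; the class name and record format are made up for illustration.

```java
import java.util.*;
import java.util.regex.*;

public class OpenLdapBindAudit {
    // Constructed sample lines in the shape slapd writes at "loglevel stats".
    static final String[] SAMPLE = {
        "conn=1001 fd=12 ACCEPT from IP=192.0.2.10:51000 (IP=0.0.0.0:389)",
        "conn=1001 op=0 BIND dn=\"uid=alice,ou=people,dc=example,dc=com\" method=128",
        "conn=1001 op=0 RESULT tag=97 err=49 text=",
        "conn=1002 fd=13 ACCEPT from IP=192.0.2.11:51001 (IP=0.0.0.0:389)",
        "conn=1002 op=0 BIND dn=\"uid=bob,ou=people,dc=example,dc=com\" method=128",
        "conn=1002 op=0 RESULT tag=97 err=0 text=",
    };

    static final Pattern ACCEPT = Pattern.compile("conn=(\\d+) fd=\\d+ ACCEPT from IP=([^ ]+)");
    static final Pattern BIND = Pattern.compile("conn=(\\d+) op=(\\d+) BIND dn=\"([^\"]*)\" method=(\\d+)");
    // tag=97 is the LDAP bind response; other RESULT lines belong to searches, modifies, etc.
    static final Pattern RESULT = Pattern.compile("conn=(\\d+) op=(\\d+) RESULT tag=97 err=(\\d+)");

    /** Joins each BIND request with its RESULT line into one audit record. */
    static List<String> audit(String[] lines) {
        Map<String, String> peer = new HashMap<>();       // conn -> client address
        Map<String, String[]> pending = new HashMap<>();  // conn/op -> {dn, method}
        List<String> records = new ArrayList<>();
        for (String line : lines) {
            Matcher m;
            if ((m = ACCEPT.matcher(line)).find()) {
                peer.put(m.group(1), m.group(2));
            } else if ((m = BIND.matcher(line)).find()) {
                pending.put(m.group(1) + "/" + m.group(2), new String[] {m.group(3), m.group(4)});
            } else if ((m = RESULT.matcher(line)).find()) {
                String[] req = pending.remove(m.group(1) + "/" + m.group(2));
                if (req == null) continue;                // response without a logged request
                int err = Integer.parseInt(m.group(3));   // 0 = success, 49 = invalidCredentials
                String outcome = err == 0 ? "success" : err == 49 ? "invalidCredentials" : "ldap-result-" + err;
                String method = req[1].equals("128") ? "simple" : req[1].equals("163") ? "sasl" : req[1];
                records.add(String.format("bind dn=\"%s\" method=%s from=%s result=%s",
                        req[0], method, peer.getOrDefault(m.group(1), "unknown"), outcome));
            }
        }
        return records;
    }

    public static void main(String[] args) {
        audit(SAMPLE).forEach(System.out::println);
    }
}
```

Other directory servers log binds in their own formats, so the three patterns are the part to replace per server.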