Skip to end of banner
Go to start of banner

2.4.3 Using the ACDI Time Machine

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Next »

Hello. In this video, you will learn how to use Time Machine and how to compare objects.

On the top bar, we can see the “Select index source” feature, where you can check change snapshots from which LDAP connection you want to audit.  In the dropdown list, you’ll find eDirectory, Active Directory, and the custom LDAP server from the second IDM.

Once the right option is selected, the switcher switches the Audit Events on or off, the number of snapshots and date picker are active.

On the timeline below, you’ll see icons for seven snapshots made during the selected period, namely during the last 7 days.

The first one on the left is the LDAP connection to eDirectory or Active Directory.

So let's assume you want to view changes for a user with CN  “astrand.”

The search found a few matches for your entry, and you want to investigate all changes for the “astrand” user located in “Ou anomaly users O ACD4.”  Left-click, and on the right side you’ll see attributes and values for this entry.

Currently, there is data taken from the LDAP directly. However, you can see here two additional icons have appeared in the timeline. These are the audit events. Let's take a closer look at what was changed.

OK, someone enabled the user, but 40 minutes ago it was disabled.

So, this is how you can check changes. Here is the full path: the full DN of location of the selected entry can be seen at the bottom. Moreover, you are able to travel back and forth through this tree using these icons.

Let’s assume you don’t need audit events. Then you can just turn it off here and will see only the snapshots.

This window can be minimized by clicking the dash symbol and/or go back to the previous object by clicking the arrow symbol.

OK, let's now check the group “admins” - “admins ou groups O ACD4.”

So, here you can see and track changes in this critical group.

Let’s assume you want to check only group memberships, i.e. the member attribute.

With this switcher you turn the compare mode on and, as a result, the data in the window gets split into two different parts. Additionally, you can define which data from which snapshot connection you want to use to compare or directly through LDAP.

Let's compare the snapshot from November 25th with today's snapshot. You can see lots of values here, but you want to see only different ones. This is made possible by using the switcher “show only not equal.”

So, you see that the only change made in the group is that on the 25th of November where there was no user with the CN “Valerius.”

Let's check changes for this user. First, we need to switch off the compare mode and then get back to the selector.

OK, there are three changes: additional group membership, login was enabled, and this user logged into the system.

Should you have any questions or require any assistance, please do not hesitate to contact us at any time swsupport.skypro@skypro.ch

  • No labels