2.4.3 Using the ACDI Time Machine

Hello. In this video, you will learn how to use Time Machine and how to compare objects.

On the top bar, we can see the “Select index source” feature, where you select the LDAP connection whose change snapshots you want to audit. In the dropdown list, you’ll find eDirectory, Active Directory, and the custom LDAP server from the second IDM.

Once the right option is selected, the switcher that turns the Audit Events on or off, the number of snapshots, and the date picker become active.

On the timeline below, you’ll see icons for seven snapshots made during the selected period, namely during the last 7 days.

The first one on the left is the LDAP connection to eDirectory or Active Directory.

So let's assume you want to view changes for a user with CN “astrand.”

The search found a few matches for your entry, and you want to investigate all changes for the “astrand” user located in “Ou anomaly users O ACD4.” Left-click, and on the right side you’ll see attributes and values for this entry.

Currently, the data shown is taken directly from LDAP. However, you can see that two additional icons have appeared in the timeline. These are the audit events. Let's take a closer look at what was changed.

OK, someone enabled the user, but 40 minutes ago it was disabled.

So, this is how you can check changes. Here is the full path: the full DN of the selected entry's location can be seen at the bottom. Moreover, you can travel back and forth through this tree using these icons.

Let’s assume you don’t need audit events. Then you can just turn them off here and you will see only the snapshots.

You can minimize this window by clicking the dash symbol, and go back to the previous object by clicking the arrow symbol.

OK, let's now check the group “admins” - “admins ou groups O ACD4.”

So, here you can see and track changes in this critical group.

Let’s assume you want to check only group memberships, i.e. the member attribute.

With this switcher you turn the compare mode on and, as a result, the data in the window gets split into two different parts. Additionally, you can define which data to compare: from which snapshot and connection, or directly through LDAP.

Let's compare the snapshot from November 25th with today's snapshot. You can see lots of values here, but you want to see only the ones that differ. This is made possible by using the switcher “show only not equal.”

So, you see that the only change made in the group is that on the 25th of November there was no user with the CN “Valerius.”

Let's check changes for this user. First, we need to switch off the compare mode and then get back to the selector.

OK, there are three changes: additional group membership, login was enabled, and this user logged into the system.

If you want to see service attributes, you can enable this option by setting the switcher to ‘on.’

After this, you will get attribute data such as the modifier’s name, and some other attributes that are not displayed by default.

Another significant feature is selecting a certain snapshot and exporting data from the current or selected state to CSV or LDIF format. You can later process the exported data with third-party software.
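
The membership comparison and the LDIF export described above can be combined offline. The following Python script is an added example, not part of the original video or of the product: it diffs one attribute between two exported snapshots, assuming the export is standard RFC 2849 LDIF; the DNs and sample records are constructed for illustration.

```python
import base64

def parse_ldif(text):
    """Parse LDIF content records (RFC 2849) into {dn: {attr: set(values)}}."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # unfold a continuation line
        else:
            lines.append(raw)
    entries, current = {}, None
    for line in lines:
        if not line.strip():              # a blank line ends the record
            current = None
            continue
        if line.startswith("#"):          # comment line
            continue
        attr, _, rest = line.partition(":")
        if rest.startswith(":"):          # "attr:: <base64>" form
            value = base64.b64decode(rest[1:].strip()).decode("utf-8")
        else:
            value = rest.strip()
        if attr.lower() == "dn":
            current = entries.setdefault(value.lower(), {})
        elif current is not None:         # skips "version: 1" before the first dn
            current.setdefault(attr.lower(), set()).add(value)
    return entries

def diff_attribute(old, new, dn, attr="member"):
    """Return (added, removed) values of attr on dn.
    Lowercasing is a simplified stand-in for full DN normalization."""
    before = {v.lower() for v in old.get(dn.lower(), {}).get(attr, set())}
    after = {v.lower() for v in new.get(dn.lower(), {}).get(attr, set())}
    return sorted(after - before), sorted(before - after)

# Constructed sample exports; the DNs are illustrative, not from a real directory.
GROUP = "cn=admins,ou=groups,o=ACD4"
SNAPSHOT_OLD = """version: 1
dn: cn=admins,ou=groups,o=ACD4
objectClass: groupOfNames
member: cn=admin,ou=users,o=ACD4
"""
SNAPSHOT_NEW = SNAPSHOT_OLD + """member: cn=Valerius,
 ou=users,o=ACD4
"""

if __name__ == "__main__":
    added, removed = diff_attribute(parse_ldif(SNAPSHOT_OLD), parse_ldif(SNAPSHOT_NEW), GROUP)
    print("added:", added, "removed:", removed)
```

Run against two real exports of a privileged group, any non-empty `added` list is a membership change to reconcile with the audit events shown on the timeline.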

 

If you need to select a longer time period, you must extend the selected time period and click “Refresh.”

You now see many more snapshots on the timeline as well as when an object has appeared in the system.

So this is how you can audit states of objects within a certain time period and compare them to get the data about changes made. This works the same for both eDirectory and Active Directory connections.

The list of connections can be found in “Administration - Data Collection.”

You can find the order, names, and settings of connections in “Audit server - Indices Settings.”

So here you find the alias, the “Name of LDAP connection,” and you can investigate that connection in the “Core Engine” submenu and then in “LDAP Connections.”

That’s all. Thank you for your time and take care.

Should you have any questions or require any assistance, please do not hesitate to contact us at any time at swsupport.skypro@skypro.ch