Idea ID: 2786855

Log name of driver as modifier/initiator instead of server name

Status: Waiting for Votes


When a driver modifies attributes and objects, the server name is seen as the initiator in e.g. Sentinel.
When you have more than 1 driver, this makes it impossible to know which driver made what change and makes troubleshooting dependent on IDM driver trace files, which causes performance issues.

Instead of the server name, the actual driver DN should be logged as the modifier/initiator for changes that the driver makes.

E.g. if the driver changes Given Name, then it should say so in the audit data: cn=my driver,cn=driverset,o=system instead of cn=myserver,o=system...

This would increase both security and usability and make troubleshooting much easier.
