
Re: starting of TLS not logged (ITS#3281)



Oops, I didn't notice that "(ITS#3281)" was missing in Subject.
Please reply to this message instead of the previous one.


Ulrich Windl writes:
> OpenLDAP does not log start of TLS, (...)

Here is a suggestion for a patch to CVS HEAD:

  http://folk.uio.no/hbf/OpenLDAP/statslog.diff

It needs review from someone who understands the statement

   if (send_ldap_response( op, rs ) == SLAP_CB_CONTINUE )

I took it from elsewhere in result.c without knowing what it does.


I've split the patch into two parts:

- Patch #1.

  Add missing Statslog() statements (loglevel stats/stats2):
  "ABANDON", "STARTTLS", "CANCEL", "WHOAMI", "PASSMOD".
  "TLS established" (in addition to STARTTLS and its RESULT,
  and with only "conn=" in front, not "op=").
  "EXT oid=..." for unsupported extended operations.
  "RESULT" for SASL bind, "RESULT oid=..." for extended response.
  "INTERM oid=..." for intermediate responses (loglevel stats2).

  That misses some significant connection events, so:

- Patch #2.

  In Statslog output "conn=xx fd=yy closed", append the reason in
  "()" unless client or server closed the connection after Unbind.
  Currently known reasons are "connection lost", "slapd shutdown",
  "idletimeout", "operations error", "TLS negotiation failure",
  "SASL layer install failure", "connection lost on write".

Still missing Statslog output from a number of failed requests,
e.g. unrecognized critical controls and bad base DNs.  That would
take more thorough Statslog revamping, so I'll get back to it
later.

-- 
Hallvard
For sale: Parachute. Never opened, used once, slightly stained.
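As an added example (not part of this message, of Hallvard's patch, or of OpenLDAP itself), the Python script below parses a handful of constructed slapd stats-log lines laid out the way the message describes them: STARTTLS and its RESULT, a "TLS established" line carrying only "conn=" in front, and "conn=xx fd=yy closed (reason)" with the reason omitted when the close followed an Unbind. It summarises each connection and flags two things a reviewer of such logs would want to see: STARTTLS requests that never reached "TLS established", and simple binds sent without TLS. The sample lines, field details such as "tls_ssf=" and "method=128", and the function names are assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed sample stats-log lines (loglevel stats).  They are not taken
# from the message or from OpenLDAP; the "closed (reason)" and
# "TLS established" layouts follow the message, the rest is assumed.
SAMPLE_LOG = """\
conn=1000 fd=12 ACCEPT from IP=192.0.2.10:51234 (IP=0.0.0.0:389)
conn=1000 op=0 STARTTLS
conn=1000 op=0 RESULT oid= err=0 text=
conn=1000 fd=12 TLS established tls_ssf=256 ssf=256
conn=1000 op=1 BIND dn="cn=admin,dc=example,dc=com" method=128
conn=1000 op=1 RESULT tag=97 err=0 text=
conn=1000 op=2 UNBIND
conn=1000 fd=12 closed
conn=1001 fd=13 ACCEPT from IP=192.0.2.11:40001 (IP=0.0.0.0:389)
conn=1001 op=0 STARTTLS
conn=1001 op=0 RESULT oid= err=0 text=
conn=1001 fd=13 closed (TLS negotiation failure)
conn=1002 fd=14 ACCEPT from IP=192.0.2.12:40002 (IP=0.0.0.0:389)
conn=1002 op=0 BIND dn="cn=admin,dc=example,dc=com" method=128
conn=1002 op=0 RESULT tag=97 err=0 text=
conn=1002 fd=14 closed (connection lost)
"""

# Every stats line starts with "conn=<id>"; what follows decides the event.
CONN_RE = re.compile(r"^conn=(?P<conn>\d+) (?P<rest>.*)$")
STARTTLS_RE = re.compile(r"^op=\d+ STARTTLS$")
TLS_EST_RE = re.compile(r"^fd=\d+ TLS established\b")
# method=128 is a simple bind in slapd's stats output (assumed here).
BIND_RE = re.compile(r'^op=\d+ BIND dn="(?P<dn>[^"]*)" method=(?P<method>\d+)$')
# The "(reason)" suffix is optional: absent when the close followed an Unbind.
CLOSED_RE = re.compile(r"^fd=\d+ closed(?: \((?P<reason>[^)]*)\))?$")


def new_conn_state():
    return {"starttls": False, "tls": False, "binds": [],
            "closed": False, "close_reason": None}


def summarize_connections(log_text):
    """Fold stats-log lines into one state record per connection id."""
    conns = defaultdict(new_conn_state)
    for line in log_text.splitlines():
        m = CONN_RE.match(line)
        if not m:
            continue  # not a stats line we care about
        state = conns[m.group("conn")]
        rest = m.group("rest")
        if STARTTLS_RE.match(rest):
            state["starttls"] = True
        elif TLS_EST_RE.match(rest):
            state["tls"] = True
        elif BIND_RE.match(rest):
            state["binds"].append(BIND_RE.match(rest).group("dn"))
        elif CLOSED_RE.match(rest):
            state["closed"] = True
            # None means "closed" with no reason, i.e. after Unbind.
            state["close_reason"] = CLOSED_RE.match(rest).group("reason")
    return dict(conns)


def find_findings(conns):
    """Return (conn_id, message) pairs for suspicious connections."""
    findings = []
    for cid, state in sorted(conns.items()):
        if state["starttls"] and not state["tls"]:
            msg = "STARTTLS requested but TLS never established"
            if state["close_reason"]:
                msg += " (%s)" % state["close_reason"]
            findings.append((cid, msg))
        if not state["tls"]:
            for dn in state["binds"]:
                findings.append((cid, "simple bind for %s without TLS" % dn))
    return findings


if __name__ == "__main__":
    for cid, msg in find_findings(summarize_connections(SAMPLE_LOG)):
        print("conn=%s: %s" % (cid, msg))
```

The summary treats a bare "closed" as the benign post-Unbind case the message describes, so only connections that carry a reason, or that never reached "TLS established" after STARTTLS, turn into findings.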