[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: (ITS#4728) accesslog dont write attributes removing
surnu@alkohol.ee wrote:
> i made some test and found that if i use ldapmodify
> ldapmodify -x -W -ZZ -H 'ldap://example' -D "cn=admin,dc=example"
>
> dn: uid=user,ou=people,dc=example
> changetype: modify
> add: autoreply
> autoreply: TRUE
> modifying entry "uid=user,ou=people,dc=example"
>
> dn: uid=user,ou=people,dc=example
> changetype: modify
> delete: autoreply
> modifying entry "uid=user,ou=people,dc=example"
>
> and accesslog shows everything correct
>
> dn: reqStart=20061102130447.000000Z,cn=log,dc=example
> objectClass: auditModify
> structuralObjectClass: auditModify
> reqStart: 20061102130447.000000Z
> reqEnd: 20061102130447.000001Z
> reqType: modify
> reqSession: 153
> reqAuthzID: cn=admin,dc=example
> reqDN: uid=user,ou=people,dc=example
> reqResult: 0
> reqMod: autoReply:+ TRUE
> reqMod: entryCSN:= 20061102130447Z#000000#00#000000
> reqMod: modifiersName:= cn=admin,dc=example
> reqMod: modifyTimestamp:= 20061102130447Z
> entryUUID: 7658ab48-febe-102a-9f6c-19ea2369af21
> creatorsName: cn=log,dc=example
> createTimestamp: 20061102130447Z
> entryCSN: 20061102130447Z#000000#00#000000
> modifiersName: cn=log,dc=example
> modifyTimestamp: 20061102130447Z
>
> dn: reqStart=20061102130558.000000Z,cn=log,dc=example
> objectClass: auditModify
> structuralObjectClass: auditModify
> reqStart: 20061102130558.000000Z
> reqEnd: 20061102130558.000001Z
> reqType: modify
> reqSession: 153
> reqAuthzID: cn=admin,dc=example
> reqDN: uid=user,ou=people,dc=example
> reqResult: 0
> reqMod: autoReply:-
> reqMod: entryCSN:= 20061102130558Z#000000#00#000000
> reqMod: modifiersName:= cn=admin,dc=example
> reqMod: modifyTimestamp:= 20061102130558Z
> entryUUID: a041e758-febe-102a-9f6d-19ea2369af21
> creatorsName: cn=log,dc=example
> createTimestamp: 20061102130558Z
> entryCSN: 20061102130558Z#000000#00#000000
> modifiersName: cn=log,dc=example
> modifyTimestamp: 20061102130558Z
>
> but if i do same thing with phpldapadmin or any other php application i
> get acceslog
>
> dn: reqStart=20061102131503.000002Z,cn=log,dc=example
> objectClass: auditModify
> structuralObjectClass: auditModify
> reqStart: 20061102131503.000002Z
> reqEnd: 20061102131503.000003Z
> reqType: modify
> reqSession: 180
> reqAuthzID: uid=user,ou=people,dc=example
> reqDN: uid=user,ou=people,dc=example
> reqResult: 0
> reqMod: autoReply:+ TRUE
> reqMod: entryCSN:= 20061102131503Z#000000#00#000000
> reqMod: modifiersName:= uid=user,ou=people,dc=example
> reqMod: modifyTimestamp:= 20061102131503Z
> entryUUID: e55e6432-febf-102a-9f70-19ea2369af21
> creatorsName: cn=log,dc=example
> createTimestamp: 20061102131503Z
> entryCSN: 20061102131503Z#000000#00#000000
> modifiersName: cn=log,dc=example
> modifyTimestamp: 20061102131503Z
>
> dn: reqStart=20061102131511.000002Z,cn=log,dc=example
> objectClass: auditModify
> structuralObjectClass: auditModify
> reqStart: 20061102131511.000002Z
> reqEnd: 20061102131511.000003Z
> reqType: modify
> reqSession: 182
> reqAuthzID: uid=user,ou=people,dc=example
> reqDN: uid=user,ou=people,dc=example
> reqResult: 0
> reqMod: entryCSN:= 20061102131511Z#000000#00#000000
> reqMod: modifiersName:= uid=user,ou=people,dc=example
> reqMod: modifyTimestamp:= 20061102131511Z
> entryUUID: ea4cd596-febf-102a-9f71-19ea2369af21
> creatorsName: cn=log,dc=example
> createTimestamp: 20061102131511Z
> entryCSN: 20061102131511Z#000000#00#000000
> modifiersName: cn=log,dc=example
> modifyTimestamp: 20061102131511Z
>
> and if using ldap admin (http://ldapadmin.sourceforge.net/) then
> accesslog is also correct.
>
Sounds odd; can you provide a log at level "packets" of the request with
php? I suspect it's doing something like
dn: uid=user,ou=people,dc=example
changetype: modify
replace: autoreply
-
or
dn: uid=user,ou=people,dc=example
changetype: modify
delete: autoreply
autoreply: TRUE
-
which, although semantically equivalent to what you tried, could be handled differently by acesslog(and that would be a bug)
p.
Ing. Pierangelo Masarati
OpenLDAP Core Team
SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
------------------------------------------
Office: +39.02.23998309
Mobile: +39.333.4963172
Email: pierangelo.masarati@sys-net.it
------------------------------------------