
Tracking down who made entry deletions from the directory.



I'm running OpenLDAP 2.1.12 with a Berkeley DB 4.1.25 back-end. I've got slurpd and slapd configured on my master server, and slapd configured on my replica server. Everything is working correctly and I'm not having any ACL issues.

When I perform any ADD, MODIFY, or MODRDN commands, the replog.log file (and entries on my replica server) show the information about (A) when it happened and (B) which DN was used for this operation. It's right there in "modifyTimestamp" and "modifiersName". I like this, it's useful.

When I perform a DELETE, though, the information about which DN was used to make the deletion, and when it occurred, is not passed to the replica server. It makes sense that a replica doesn't need to update two attributes for a directory entry that's about to be deleted. But on the other hand, it sure would be useful if there were a way to track who made the deletion, too.

Is there a way to track who deleted an LDAP entry with the existing version of slapd or slurpd, without using the verbose and performance-stealing debug mode?

Does it make sense to request this as an option for a future release?

If the answer to both of these is "no", how do you suggest that one goes about tracking who deleted an entry? Thanks in advance.

      -Mike