[Date Prev][Date Next]
Tracking down who made entry deletions from the directory.
- To: openldap-software@OpenLDAP.org
- Subject: Tracking down who made entry deletions from the directory.
- From: Michael Donnelly <email@example.com>
- Date: Fri, 17 Jan 2003 17:59:30 -0800
- User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.2.1) Gecko/20021130
I'm running OpenLDAP 2.1.12 with a Berkeley DB 4.1.25 back-end. I've
got slurpd and sladp configured on my master server, and slapd
configured on my replica server. Everything is working correctly and
I'm not having an ACL issues.
When I perform any ADD, MODIFY, or MODRDN commands, the replog.log file
(and entries on my replica server) show the information about (A) when
it happened and (B) which DN was used for this operation. It's right
there in "modifyTimestamp" and "modifiersName". I like this, it's useful.
When I perform a DELETE, though, the information about which DN was used
to make the deletion, and when it occured, is not passed to the replica
server. It makes sense that a replica doen't need to update two
attributes for a directory entry that's about to be deleted. But on
the other hand, it sure would be useful if there were a way to track who
made the deletion, too.
Is there a way to track who deleted an LDAP entry with the existing
version of slapd or slurpd, without using the verbose and
performance-stealing debug mode?
Does it make sense to request this as an option for a future release?
If the answer to both of these is "no", how do you suggest that one goes
about tracking who deleted an entry?
Thanks in advance.