[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Trace the change on the directory [auf Viren überprüft]


Timur Izhbulatov schrieb:
Is it possible on openLdap 2.3.18 to trace the change on the directory like the new entry or updated entry ? it's not for replication , I just want to build a change log file.
See man slapo-accesslog
I tried this and it works.

database        bdb
suffix          "ou=log,ou=foo,c=de"
directory       /opt/mail/var/log-data
index reqStart eq

access to dn.base="ou=log,ou=foo,c=de"
 by * write
access to dn.subtree="ou=log,foo,c=de"
 by * write

overlay accesslog
logdb "ou=log,ou=foo,c=de"
logops writes

But I could define another acl then the one above (which is very loose), even "by users write" did not work.

=> access_allowed: add access to "ou=log,ou=foo,c=de" "children" requested
=> dn: [5] ou=log,ou=foo,c=de
=> acl_get: [5] matched
=> acl_get: [5] attr children
=> acl_mask: access to entry "ou=log,ou=foo,c=de", attr "children" requested
=> acl_mask: to all values by "", (=0)
<= check a_dn_pat: users
<= acl_mask: no more <who> clauses, returning =0 (stop)
=> access_allowed: add access denied by =0
bdb_add: no write access to parent