[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: memberof overlay surpresses accesslog olcAccessLogOps = all

Jan Prinsloo wrote:
> I have a standalone openldap 2.4.26 setup.

You really should upgrade.

> We would like to use the accesslog overlay for auditing.

This is a very good idea. Which costs some performance though.

> I have enabled the accesslog overlay with olcAccessLogOps = all. This
> writes all groups of operations (writes, reads, session) to cn=accesslog
> without issues. We would also like to make use of the memberof overlay. The
> issue we're seeing is that once you enable the memberof overlay, only
> search, unbind, add operations are logged to accesslog. We do not see
> delete, modify, modrdn values logged. If I then change the logops to
> "olcAccessLogOps = add delete modify modrdn" we see those operations
> logged, but no bind, search, unbind operations (ie. no reads or session).

I'd suggest to first upgrade to a recent version.

After that you could try fiddling with the order of the overlays. Personally
I've added slapo-memberof and slapo-refint *after* slapo-accesslog.

Ciao, Michael.

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature