
Antw: Re: log_rdns.patch



>>> Howard Chu <hyc@symas.com> wrote on 09.03.2016 at 09:05 in message
<56DFD95B.5080508@symas.com>:
> A. Schulze wrote:
>>
>> Hi again,
>>
>> this is my third and last patch I send today :-)
>>
>> I compiled openldap with '--enable-rlookups' and set 'reverse-lookup on' in
>> slapd.conf
>> I like to see the remote hostname logged. That didn't work somehow.
>> ( I wrote this patch months ago and could not describe the real problem
>> anymore)
>>
>>
>> Anyway: the patch modifies log output:
>>
>>    reverse-lookup off:
>>      conn=4846 fd=42 ACCEPT from IP=127.0.0.1:46058 (IP=127.0.0.1:389)
>>
>>    reverse-lookup on:
>>      conn=4191 fd=18 ACCEPT from localhost (IP=127.0.0.1:389)
>>
>> I never tested with ldapi:// connections.
>> Also I expect the patch is not optimal for performance. But it works here in a
>> small environment.
> 
> Indeed, in a busy environment the DNS resolver itself is too slow for slapd. 
> 
> I've got no particular comment on this patch since I never enable reverse
> lookups. But IMO, this sort of thing is best left to a logfile postprocessor,
> because handling it directly in slapd will be too slow.

The argument against (if the postprocessing is significantly after logging the IPs) is that with dynamic IP addresses, it's not clear how the assignment actually was at the time of logging.

Regards,
Ulrich
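
A sketch of the logfile postprocessor discussed in this thread, added here as an illustration (it is not part of the thread or of OpenLDAP): it annotates the `ACCEPT` lines quoted above with a reverse-DNS name and records when the lookup was made, so a reader can judge how stale the mapping may be. The names `annotate`, `system_resolver`, `rdns=` and `resolved_at=` are assumptions, as is the bracketed `IP=[addr]:port` form for IPv6.

```python
import re
import socket
from datetime import datetime, timezone

# ACCEPT line as logged with reverse-lookup off (format quoted in the thread).
# Assumption: IPv6 peers appear in brackets, e.g. IP=[::1]:46058.
ACCEPT_RE = re.compile(r"ACCEPT from IP=(?P<ip>\[[^\]]+\]|[^\s:]+):\d+ ")

# First line is from the thread; the others are constructed sample input.
SAMPLE = [
    "conn=4846 fd=42 ACCEPT from IP=127.0.0.1:46058 (IP=127.0.0.1:389)",
    'conn=4846 op=0 BIND dn="" method=128',
    "conn=4847 fd=43 ACCEPT from IP=192.0.2.10:51000 (IP=127.0.0.1:389)",
    "conn=4848 fd=44 ACCEPT from IP=127.0.0.1:46060 (IP=127.0.0.1:389)",
]


def system_resolver(ip):
    """Reverse-resolve via the system resolver; None when there is no PTR."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:  # covers socket.herror and socket.gaierror
        return None


def annotate(lines, resolver=system_resolver, now=None):
    """Yield lines; ACCEPT lines gain rdns=<name> and the lookup time."""
    cache = {}  # one lookup per address per run, negative results included
    stamp = (now or datetime.now(timezone.utc)).strftime("%Y-%m-%dT%H:%M:%SZ")
    for line in lines:
        match = ACCEPT_RE.search(line)
        if not match:
            yield line
            continue
        ip = match.group("ip").strip("[]")
        if ip not in cache:
            cache[ip] = resolver(ip)
        host = cache[ip] or "unresolved"
        # The PTR record is the one valid at resolved_at, not at log time.
        yield f"{line.rstrip()} rdns={host} resolved_at={stamp}"


if __name__ == "__main__":
    # Offline demo with a stub resolver; drop the argument to use real DNS.
    stub = {"127.0.0.1": "localhost"}.get
    for out in annotate(SAMPLE, resolver=stub):
        print(out)
```

Running it close to log time (for example on rotated or tailed logs) narrows the gap between the logged connection and the recorded lookup.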