Antw: Re: Q: accesslog and replicated changes
>>> Quanah Gibson-Mount <quanah@zimbra.com> wrote on 15.04.2016 at 03:40 in
message <92BBFC2841F84321102D00F6@[192.168.1.19]>:
> --On Thursday, April 14, 2016 9:25 AM +0200 Ulrich Windl
> <Ulrich.Windl@rz.uni-regensburg.de> wrote:
>
>> Hello!
>>
>> I have configured accesslog to log all changes to an LDAP server, and
>> that seems to work for months. Recently I noticed that there were no
>> new entries for more than a week. Usually there are several entries per
>> day, because with password policy every bad login attempt is logged. As
>> we have three multi-master servers, I wonder whether changes made to
>> other servers and replicated to the local server will be logged by
>> accesslog also. Are the password policy updates (which are somewhat
>> special) also replicated to all servers?
>
> Have you read over the slapo-ppolicy(5) man page?
You answered a question with a question; from what I read it should be replicated in an MMR environment:
--
Note that the current IETF Password Policy proposal does not define how
these operational attributes are expected to behave in a replication
environment. In general, authentication attempts on a slave server only
affect the copy of the operational attributes on that slave and will
not affect any attributes for a user's entry on the master server.
Operational attribute changes resulting from authentication attempts on
a master server will usually replicate to the slaves (and also overwrite
any changes that originated on the slave). These behaviors are
not guaranteed and are subject to change when a formal specification
emerges.
--
From my understanding, changes to one master should be replicated to other masters.
The open question is whether there is any special treatment of ppolicy entries for accesslog.
Regards,
Ulrich
>
> <http://www.openldap.org/software/man.cgi?query=slapo-ppolicy&apropos=0&sektion=0&manpath=OpenLDAP+2.4-Release&format=html>
>
> The "OPERATIONAL ATTRIBUTES" section is interesting. I can't tell how it's
> supposed to operate in an MMR environment.
So maybe read the manual also ;-)
Ulrich