On 6/25/19 7:08 PM, Quanah Gibson-Mount wrote:Another way to do this would be to set up an accesslog database backend and the slapo-accesslog overlay on your primary DB, and log all operations (not just success). This would also allow you to inspect what values the client is providing.AFAIK this only helps if the modify request reaches the backend. If the slapd frontend already rejects a request (e.g. invalid DN or schema violation) there is no auditModify entry to look at.
In this case, it's that the value provided violates the SYNTAX rule, it should be logged.
--Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>