[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: debug incoming modify operations
On Tue, Jun 25, 2019 at 07:33:59PM +0200, Michael Ströder wrote:
> On 6/25/19 7:08 PM, Quanah Gibson-Mount wrote:
>> Another way to do this would be to set up an accesslog database backend
>> and the slapo-accesslog overlay on your primary DB, and log all
>> operations (not just success). This would also allow you to inspect
>> what values the client is providing.
>
> AFAIK this only helps if the modify request reaches the backend.
Sure, but most reasons it doesn't reach the overlay should be logger
already.
> If the slapd frontend already rejects a request (e.g. invalid DN or
> schema violation) there is no auditModify entry to look at.
For an otherwise LDAP conformant modify PDU with no controls attached,
only an invalid DN/invalid attribute name would make that happen and I'd
hope both generate useful messages in the response (preferably) or at
least in the relevant logs.
Regards,
--
Ondřej Kuzník
Senior Software Engineer
Symas Corporation http://www.symas.com
Packaged, certified, and supported LDAP solutions powered by OpenLDAP