[Date Prev][Date Next] [Chronological] [Thread] [Top]

AW: Q: accesslog and sessions

To: openldap-technical@openldap.org <openldap-technical@openldap.org>, Ulrich Windl <Ulrich.Windl@rz.uni-regensburg.de>
Subject: AW: Q: accesslog and sessions
From: Uwe Werler <uwe.werler@retiolum.eu>
Date: Thu, 16 Oct 2014 14:03:25 +0200

-----Ursprüngliche Nachricht-----
Von:	Ulrich Windl <Ulrich.Windl@rz.uni-regensburg.de>
Gesendet:	Do 16.10.2014 13:46
Betreff:	Q: accesslog and sessions
An:	openldap-technical@openldap.org; 
> Hi!
> 
> I have configured accesslog for modification (attempts) in a multi-master 
> configuration. Comparing accesslogs after some changes, I find some issues 
> (openLDAP 2.4.26 of SLES11 SP3):
> 
> On the originating server the "reqSession" varies with the connection made, 
> while on a replication consumer the "reqSession" seems fixed (always 2 in one 
> case).

'cause of replication.

>  Also on the originating server I see the authenticated DN in 
> "reqAuthzID", while on the replication consumer it seems to be always 
> "cn=Admin,dc=example,dc=org". "reqStart" and "reqEnd" are also local for the 
> LDAP server.

'cause the repl consumer writes to the database as admin user.

> 
> Now at least I have a problem with "reqSession": If you examine accesslog at 
> some later time, those volatile session IDs don't tell you anything anymore 
> (e.g. the host that opened the connection). Could acesslog be modified to add 
> some details from the session (like monitorConnectionPeerAddress, 
> monitorConnectionStartTime)?
> 
> Regards,
> Ulrich Windl
> 

This woule be a very nice feature, indeed.

> 
>

Follow-Ups:
- Re: AW: Q: accesslog and sessions
  - From: Howard Chu <hyc@symas.com>

Prev by Date: Q: accesslog and sessions
Next by Date: Re: AW: Q: accesslog and sessions
Index(es):
- Chronological
- Thread