RE: (ITS#3460) Adding LDAP statistics script to contrib directory
by daveh@ci.com.au
On Thu, 2 Nov 2006, Quanah Gibson-Mount wrote:
> Peter S, Dave, Peter M, Frank, and Todd, do you also grant such a
> release for the work you've done with this script? :)
Sure; fame at last :-)
--
Dave Horsfall DTM VK2KFU daveh(a)ci.com.au Ph: +61 2 9552-5509 (d) -5500 (sw)
Corinthian Eng'ng P/L, Ste 54 Jones Bay Whf, 26-32 Pirrama Rd, Pyrmont 2009, AU
16 years, 7 months
Re: (ITS#3460) Adding LDAP statistics script to contrib directory
by peter.schober@univie.ac.at
quanah et al.,
* Quanah Gibson-Mount <quanah(a)stanford.edu> [2006-11-02 20:42]:
> Peter S, Dave, Peter M, Frank, and Todd, do you also grant such a
> release for the work you've done with this script? :)
go ahead.
actually I though about rewriting it not just once before (it's rather
spaghetti-ish, imho) but too many other things keep popping up.
regards,
-p.schober
--
peter.schober(a)univie.ac.at - vienna university computer center
Universitaetsstrasse 7, A-1010 Wien, Austria/Europe
Tel. +43-1-4277-14155, Fax. +43-1-4277-9140
16 years, 7 months
Re: (ITS#3460) Adding LDAP statistics script to contrib directory
by tlyons@ivenue.com
On Thu, Nov 02, 2006 at 11:42:32AM -0800, Quanah Gibson-Mount wrote:
>I'd like to see this script included as well. There were two concern
>listed in the ITS:
>
>#1) Awaiting new version with proper copyright notice.
>#2) Need information about incorporated patches to ensure all who have IPR
>in this
>script have made appropriate license grants.
>
>I know #1 has been addressed.
>
>As for #2, I grant such a release for the work I've done on the script.
>
>Peter S, Dave, Peter M, Frank, and Todd, do you also grant such a release
>for the work you've done with this script? :)
I do, though I don't think my work amounts to much more than one item
in a foreach loop. But I do.
--
Regards... Todd
when you shoot yourself in the foot, just because you are so neurally
broken that the signal takes years to register in your brain, it does
not mean that your foot does not have a hole in it. --Randy Bush
Linux kernel 2.6.17-5mdv 3 users, load average: 0.00, 0.04, 0.13
16 years, 7 months
RE: (ITS#3460) Adding LDAP statistics script to contrib directory
by quanah@stanford.edu
I'd like to see this script included as well. There were two concern
listed in the ITS:
#1) Awaiting new version with proper copyright notice.
#2) Need information about incorporated patches to ensure all who have IPR
in this
script have made appropriate license grants.
I know #1 has been addressed.
As for #2, I grant such a release for the work I've done on the script.
Peter S, Dave, Peter M, Frank, and Todd, do you also grant such a release
for the work you've done with this script? :)
--Quanah
--
Quanah Gibson-Mount
Principal Software Developer
ITS/Shared Application Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
16 years, 7 months
Re: (ITS#4728) accesslog dont write attributes removing
by hyc@symas.com
ando(a)sys-net.it wrote:
> Sounds odd; can you provide a log at level "packets" of the request with
> php? I suspect it's doing something like
>
> dn: uid=user,ou=people,dc=example
> changetype: modify
> replace: autoreply
> -
>
This was the problem, it was ignoring Replace when no values were
provided. Fixed now in HEAD and RE23.
> or
>
> dn: uid=user,ou=people,dc=example
> changetype: modify
> delete: autoreply
> autoreply: TRUE
> -
>
> which, although semantically equivalent to what you tried, could be handled differently by acesslog(and that would be a bug)
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
OpenLDAP Core Team http://www.openldap.org/project/
16 years, 7 months
Re: (ITS#4728) accesslog dont write attributes removing
by ando@sys-net.it
surnu(a)alkohol.ee wrote:
> i made some test and found that if i use ldapmodify
> ldapmodify -x -W -ZZ -H 'ldap://example' -D "cn=admin,dc=example"
>
> dn: uid=user,ou=people,dc=example
> changetype: modify
> add: autoreply
> autoreply: TRUE
> modifying entry "uid=user,ou=people,dc=example"
>
> dn: uid=user,ou=people,dc=example
> changetype: modify
> delete: autoreply
> modifying entry "uid=user,ou=people,dc=example"
>
> and accesslog shows everything correct
>
> dn: reqStart=20061102130447.000000Z,cn=log,dc=example
> objectClass: auditModify
> structuralObjectClass: auditModify
> reqStart: 20061102130447.000000Z
> reqEnd: 20061102130447.000001Z
> reqType: modify
> reqSession: 153
> reqAuthzID: cn=admin,dc=example
> reqDN: uid=user,ou=people,dc=example
> reqResult: 0
> reqMod: autoReply:+ TRUE
> reqMod: entryCSN:= 20061102130447Z#000000#00#000000
> reqMod: modifiersName:= cn=admin,dc=example
> reqMod: modifyTimestamp:= 20061102130447Z
> entryUUID: 7658ab48-febe-102a-9f6c-19ea2369af21
> creatorsName: cn=log,dc=example
> createTimestamp: 20061102130447Z
> entryCSN: 20061102130447Z#000000#00#000000
> modifiersName: cn=log,dc=example
> modifyTimestamp: 20061102130447Z
>
> dn: reqStart=20061102130558.000000Z,cn=log,dc=example
> objectClass: auditModify
> structuralObjectClass: auditModify
> reqStart: 20061102130558.000000Z
> reqEnd: 20061102130558.000001Z
> reqType: modify
> reqSession: 153
> reqAuthzID: cn=admin,dc=example
> reqDN: uid=user,ou=people,dc=example
> reqResult: 0
> reqMod: autoReply:-
> reqMod: entryCSN:= 20061102130558Z#000000#00#000000
> reqMod: modifiersName:= cn=admin,dc=example
> reqMod: modifyTimestamp:= 20061102130558Z
> entryUUID: a041e758-febe-102a-9f6d-19ea2369af21
> creatorsName: cn=log,dc=example
> createTimestamp: 20061102130558Z
> entryCSN: 20061102130558Z#000000#00#000000
> modifiersName: cn=log,dc=example
> modifyTimestamp: 20061102130558Z
>
> but if i do same thing with phpldapadmin or any other php application i
> get acceslog
>
> dn: reqStart=20061102131503.000002Z,cn=log,dc=example
> objectClass: auditModify
> structuralObjectClass: auditModify
> reqStart: 20061102131503.000002Z
> reqEnd: 20061102131503.000003Z
> reqType: modify
> reqSession: 180
> reqAuthzID: uid=user,ou=people,dc=example
> reqDN: uid=user,ou=people,dc=example
> reqResult: 0
> reqMod: autoReply:+ TRUE
> reqMod: entryCSN:= 20061102131503Z#000000#00#000000
> reqMod: modifiersName:= uid=user,ou=people,dc=example
> reqMod: modifyTimestamp:= 20061102131503Z
> entryUUID: e55e6432-febf-102a-9f70-19ea2369af21
> creatorsName: cn=log,dc=example
> createTimestamp: 20061102131503Z
> entryCSN: 20061102131503Z#000000#00#000000
> modifiersName: cn=log,dc=example
> modifyTimestamp: 20061102131503Z
>
> dn: reqStart=20061102131511.000002Z,cn=log,dc=example
> objectClass: auditModify
> structuralObjectClass: auditModify
> reqStart: 20061102131511.000002Z
> reqEnd: 20061102131511.000003Z
> reqType: modify
> reqSession: 182
> reqAuthzID: uid=user,ou=people,dc=example
> reqDN: uid=user,ou=people,dc=example
> reqResult: 0
> reqMod: entryCSN:= 20061102131511Z#000000#00#000000
> reqMod: modifiersName:= uid=user,ou=people,dc=example
> reqMod: modifyTimestamp:= 20061102131511Z
> entryUUID: ea4cd596-febf-102a-9f71-19ea2369af21
> creatorsName: cn=log,dc=example
> createTimestamp: 20061102131511Z
> entryCSN: 20061102131511Z#000000#00#000000
> modifiersName: cn=log,dc=example
> modifyTimestamp: 20061102131511Z
>
> and if using ldap admin (http://ldapadmin.sourceforge.net/) then
> accesslog is also correct.
>
Sounds odd; can you provide a log at level "packets" of the request with
php? I suspect it's doing something like
dn: uid=user,ou=people,dc=example
changetype: modify
replace: autoreply
-
or
dn: uid=user,ou=people,dc=example
changetype: modify
delete: autoreply
autoreply: TRUE
-
which, although semantically equivalent to what you tried, could be handled differently by acesslog(and that would be a bug)
p.
Ing. Pierangelo Masarati
OpenLDAP Core Team
SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
------------------------------------------
Office: +39.02.23998309
Mobile: +39.333.4963172
Email: pierangelo.masarati(a)sys-net.it
------------------------------------------
16 years, 7 months
Re: (ITS#4728) accesslog dont write attributes removing
by surnu@alkohol.ee
i made some test and found that if i use ldapmodify
ldapmodify -x -W -ZZ -H 'ldap://example' -D "cn=admin,dc=example"
dn: uid=user,ou=people,dc=example
changetype: modify
add: autoreply
autoreply: TRUE
modifying entry "uid=user,ou=people,dc=example"
dn: uid=user,ou=people,dc=example
changetype: modify
delete: autoreply
modifying entry "uid=user,ou=people,dc=example"
and accesslog shows everything correct
dn: reqStart=20061102130447.000000Z,cn=log,dc=example
objectClass: auditModify
structuralObjectClass: auditModify
reqStart: 20061102130447.000000Z
reqEnd: 20061102130447.000001Z
reqType: modify
reqSession: 153
reqAuthzID: cn=admin,dc=example
reqDN: uid=user,ou=people,dc=example
reqResult: 0
reqMod: autoReply:+ TRUE
reqMod: entryCSN:= 20061102130447Z#000000#00#000000
reqMod: modifiersName:= cn=admin,dc=example
reqMod: modifyTimestamp:= 20061102130447Z
entryUUID: 7658ab48-febe-102a-9f6c-19ea2369af21
creatorsName: cn=log,dc=example
createTimestamp: 20061102130447Z
entryCSN: 20061102130447Z#000000#00#000000
modifiersName: cn=log,dc=example
modifyTimestamp: 20061102130447Z
dn: reqStart=20061102130558.000000Z,cn=log,dc=example
objectClass: auditModify
structuralObjectClass: auditModify
reqStart: 20061102130558.000000Z
reqEnd: 20061102130558.000001Z
reqType: modify
reqSession: 153
reqAuthzID: cn=admin,dc=example
reqDN: uid=user,ou=people,dc=example
reqResult: 0
reqMod: autoReply:-
reqMod: entryCSN:= 20061102130558Z#000000#00#000000
reqMod: modifiersName:= cn=admin,dc=example
reqMod: modifyTimestamp:= 20061102130558Z
entryUUID: a041e758-febe-102a-9f6d-19ea2369af21
creatorsName: cn=log,dc=example
createTimestamp: 20061102130558Z
entryCSN: 20061102130558Z#000000#00#000000
modifiersName: cn=log,dc=example
modifyTimestamp: 20061102130558Z
but if i do same thing with phpldapadmin or any other php application i
get acceslog
dn: reqStart=20061102131503.000002Z,cn=log,dc=example
objectClass: auditModify
structuralObjectClass: auditModify
reqStart: 20061102131503.000002Z
reqEnd: 20061102131503.000003Z
reqType: modify
reqSession: 180
reqAuthzID: uid=user,ou=people,dc=example
reqDN: uid=user,ou=people,dc=example
reqResult: 0
reqMod: autoReply:+ TRUE
reqMod: entryCSN:= 20061102131503Z#000000#00#000000
reqMod: modifiersName:= uid=user,ou=people,dc=example
reqMod: modifyTimestamp:= 20061102131503Z
entryUUID: e55e6432-febf-102a-9f70-19ea2369af21
creatorsName: cn=log,dc=example
createTimestamp: 20061102131503Z
entryCSN: 20061102131503Z#000000#00#000000
modifiersName: cn=log,dc=example
modifyTimestamp: 20061102131503Z
dn: reqStart=20061102131511.000002Z,cn=log,dc=example
objectClass: auditModify
structuralObjectClass: auditModify
reqStart: 20061102131511.000002Z
reqEnd: 20061102131511.000003Z
reqType: modify
reqSession: 182
reqAuthzID: uid=user,ou=people,dc=example
reqDN: uid=user,ou=people,dc=example
reqResult: 0
reqMod: entryCSN:= 20061102131511Z#000000#00#000000
reqMod: modifiersName:= uid=user,ou=people,dc=example
reqMod: modifyTimestamp:= 20061102131511Z
entryUUID: ea4cd596-febf-102a-9f71-19ea2369af21
creatorsName: cn=log,dc=example
createTimestamp: 20061102131511Z
entryCSN: 20061102131511Z#000000#00#000000
modifiersName: cn=log,dc=example
modifyTimestamp: 20061102131511Z
and if using ldap admin (http://ldapadmin.sourceforge.net/) then
accesslog is also correct.
16 years, 7 months
Re: (ITS#4728) accesslog dont write attributes removing
by surnu@alkohol.ee
> It works fine here. Does test043 in the test suite succeed or fail for you?
It succeed, i send my configuration.
slapd.conf:
# Schema and objectClass definitions
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/samba-tng.schema
include /etc/openldap/schema/myown.schema
# Where the pid file is put. The init.d script
# will not stop the server if you change this.
pidfile /var/run/openldap/slapd.pid
# List of arguments that were passed to the server
argsfile /var/run/openldap/slapd.args
# Read slapd.conf(5) for possible values
loglevel 256
# Allow LDAPv2 for legacy clients
allow bind_v2
security update_ssf=128
# Allow nof entries with single search
sizelimit -1
timelimit 30
#threads
threads 256
# TLS
TLSCertificateFile /etc/openldap/ssl/example.crt
TLSCertificateKeyFile /etc/openldap/ssl/example.key
TLSCACertificateFile /etc/openldap/ssl/ca.crt
# REFERRAL
referral ldap://example.org
# ACL
include /etc/openldap/example.acl
# Database conf
include /etc/openldap/slapd.bdb.log.example
include /etc/openldap/slapd.bdb.example
slapd.bdb.log.example:
database bdb
suffix "cn=example_log,dc=logs"
directory /var/lib/openldap-data/example/example_log
rootdn "cn=example_log,dc=logs"
rootpw "secret"
cachesize 5000
idlcachesize 1000
checkpoint 128 30
lastmod on
overlay syncprov
syncprov-nopresent TRUE
syncprov-reloadhint TRUE
# Indexid
include /etc/openldap/slapd.log.index
slapd.bdb.example:
database bdb
suffix "dc=example"
rootdn "cn=admin,dc=example"
rootpw "secret"
directory "/var/lib/openldap-data/example/"
cachesize 100000
idlcachesize 100000
schemacheck on
checkpoint 8 15
lastmod on
include /etc/openldap/slapd.index
overlay accesslog
logdb cn=pop_log,dc=logs
logops writes
logpurge 7+00:00 1+00:00
limits dn.exact="uid=sync,ou=sync,dc=example" time.soft=unlimited
time.hard=unlimited size.soft=unlimited size.hard=unlimited
overlay syncprov
syncprov-checkpoint 1000 60
syncprov-sessionlog 1000
modulepath /usr/lib/openldap/openldap/
moduleload back_monitor
database monitor
rootdn "cn=monitor"
16 years, 7 months
