[Issue 9960] New: Problem with accesslog overlay along with dynlist overlay
by openldap-its@openldap.org
https://bugs.openldap.org/show_bug.cgi?id=9960
Issue ID: 9960
Summary: Problem with accesslog overlay along with dynlist
overlay
Product: OpenLDAP
Version: 2.5.13
Hardware: All
OS: All
Status: UNCONFIRMED
Keywords: needs_review
Severity: normal
Priority: ---
Component: overlays
Assignee: bugs(a)openldap.org
Reporter: carsten.jaeckel(a)tu-dortmund.de
Target Milestone: ---
As long as only the accesslog overlay is used the logging works as expected.
Successfully logged search access:
ldapsearch -H ldaps://ldap.example.com:636 -D cn=manager,dc=example,dc=com -W
-b dc=users,dc=example,dc=com cn=user1 mail
Result of
ldapsearch -H ldaps://ldap.example.com:636 -D cn=log -W -b cn=log
objectclass=*:
######################################
...
# 20221212145029.000000Z, log
dn: reqStart=20221212145029.000000Z,cn=log
objectClass: auditBind
reqStart: 20221212145029.000000Z
reqEnd: 20221212145029.000001Z
reqType: bind
reqSession: 1022
reqAuthzID:
reqDN: cn=manager,dc=example,dc=com
reqResult: 0
reqVersion: 3
reqMethod: SIMPLE
# 20221212145029.000002Z, log
dn: reqStart=20221212145029.000002Z,cn=log
objectClass: auditSearch
reqStart: 20221212145029.000002Z
reqEnd: 20221212145029.000003Z
reqType: search
reqSession: 1022
reqAuthzID: manager,dc=example,dc=com
reqDN: dc=users,dc=example,dc=com
reqResult: 0
reqScope: sub
reqDerefAliases: never
reqAttrsOnly: FALSE
reqFilter: (cn=user1)
reqAttr: mail
reqEntries: 1
reqTimeLimit: -1
reqSizeLimit: -1
# 20221212145029.000004Z, log
dn: reqStart=20221212145029.000004Z,cn=log
objectClass: auditObject
reqStart: 20221212145029.000004Z
reqEnd: 20221212145029.000005Z
reqType: unbind
reqSession: 1022
reqAuthzID: manager,dc=example,dc=com
######################################
After adding overlay dynlist the information in the accesslog database after
the same search operation
ldapsearch -H ldaps://ldap.example.com:636 -D cn=manager,dc=example,dc=com -W
-b dc=users,dc=example,dc=com cn=user1 mail
is as follows:
######################################
...
# 20221212144859.000000Z, log
dn: reqStart=20221212144859.000000Z,cn=log
objectClass: auditBind
reqStart: 20221212144859.000000Z
reqEnd: 20221212144859.000001Z
reqType: bind
reqSession: 1019
reqAuthzID:
reqDN: manager,dc=example,dc=com
reqResult: 0
reqVersion: 3
reqMethod: SIMPLE
# 20221212144859.000002Z, log
dn: reqStart=20221212144859.000002Z,cn=log
objectClass: auditSearch
reqStart: 20221212144859.000002Z
reqEnd: 20221212144859.000003Z
reqType: search
reqSession: 1019
reqAuthzID: manager,dc=example,dc=com
reqDN: dc=users,dc=example,dc=com
reqResult: 0
reqScope: sub
reqDerefAliases: never
reqAttrsOnly: FALSE
reqFilter: (objectClass=groupOfURLs)
reqAttr: memberURL
reqEntries: 0
reqTimeLimit: -1
reqSizeLimit: -1
# 20221212144859.000005Z, log
dn: reqStart=20221212144859.000005Z,cn=log
objectClass: auditObject
reqStart: 20221212144859.000005Z
reqEnd: 20221212144859.000006Z
reqType: unbind
reqSession: 1019
reqAuthzID: manager,dc=example,dc=com
######################################
Configuration:
######################################
dn: olcDatabase={1}mdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcDatabase: {1}mdb
...
olcSuffix: dc=example,dc=com
olcSyncUseSubentry: FALSE
dn: olcOverlay={0}refint,olcDatabase={1}mdb,cn=config
objectClass: olcConfig
objectClass: olcOverlayConfig
objectClass: olcRefintConfig
objectClass: top
olcOverlay: {0}refint
olcRefintAttribute: member
olcRefintAttribute: memberOf
olcRefintNothing: cn=tgroup,dc=groups,dc=example,dc=com
dn: olcOverlay={1}ppolicy,olcDatabase={1}mdb,cn=config
objectClass: olcConfig
objectClass: olcOverlayConfig
objectClass: olcPPolicyConfig
objectClass: top
olcOverlay: {1}ppolicy
olcPPolicyHashCleartext: TRUE
dn: olcOverlay={2}dynlist,olcDatabase={1}mdb,cn=config
objectClass: olcConfig
objectClass: olcDynListConfig
objectClass: olcOverlayConfig
objectClass: top
olcOverlay: {2}dynlist
olcDynListAttrSet: {0}groupOfURLs memberURL member+memberOf@groupOfNames
dn: olcOverlay={3}lastbind,olcDatabase={1}mdb,cn=config
objectClass: olcConfig
objectClass: olcLastBindConfig
objectClass: olcOverlayConfig
objectClass: top
olcOverlay: {3}lastbind
olcLastBindPrecision: 86400
dn: olcOverlay={4}accesslog,olcDatabase={1}mdb,cn=config
objectClass: olcAccessLogConfig
objectClass: olcConfig
objectClass: olcOverlayConfig
objectClass: top
olcAccessLogDB: cn=log
olcOverlay: {4}accesslog
olcAccessLogOld: (objectClass=inetOrgPerson)
olcAccessLogOldAttr: description
olcAccessLogOps: all
olcAccessLogPurge: 01:00 00:15
######################################
--
You are receiving this mail because:
You are on the CC list for the issue.