--On Wednesday, March 07, 2007 5:09 PM +0000 Frank.Swasey@uvm.edu wrote:
This is a cryptographically signed message in MIME format.
--------------ms050409020803020407000508 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit
On 3/6/07 6:31 PM, quanah@stanford.edu wrote:
I was looking at adding access log configurations to my main database that would log operations based on subtree. For example, I'd like to have all operations on "cn=accounts,dc=stanford,dc=edu" go into one accesslog, and operations on "cn=people,dc=stanford,dc=edu" go into another accesslog. My root is "dc=stanford,dc=edu". There doesn't seem to be a way with the way accesslog is currently designed to do this. I believe it would be a useful feature.
I have wished for a similar capability. However, have always been stopped from proceeding to look at modifying the code because all my consumers need to replicate the full database.
However, it would be nice to be able to break things apart and have them expire out of the accesslog at different times. For instance, our sendmail spam blocking rules live for a max of several hours and so I could expire those from the accesslog after 8 hours, but the core (people, groups, accounts) I'd like to keep for a couple days to make certain they get to the replica servers.
Is that the same kind of thing you are thinking of Quanah?
Hi Frank,
Actually, no, it isn't. ;)
What I want to do, is put subtree based accesslog's on my replica servers. We have multiple downstream systems that pull data from the directory. This would allow them to "sit and listen" to the changes made in their subtrees of interest, using the syncrepl protocol.
--Quanah
-- Quanah Gibson-Mount Principal Software Developer ITS/Shared Application Services Stanford University GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html