Howard Chu wrote:
> michael@stroeder.com wrote:
>> It seems that modify requests which failed due to Invalid DN syntax (34) are not written to accesslog-DB. I guess that those requests get abandoned by the frontend and never reach the backend at all.
> Correct.
>> It would be handy to see the invalid modify request in the accesslog-DB though.
>> Any chance to achieve this?
> Not likely. The frontend must call select_backend() based on the incoming DN to determine which backend to invoke, and thus which stack of overlays are involved. If the DN is invalid, no selection can occur.

Hmm, I've done some more tests. Invalid syntax (21) also does not make it beyond the frontend into accesslog-DB.
I have no clear opinion on this. Of course the current behaviour is good for performance. But sometimes one would like to observe what broken LDAP clients sent in a modify request in the past.
Also, running with BER loglevel or breaking up the TLS connection with stunnel and sniffing with Wireshark is not always an option.
Having this configurable would be great.
What's your opinion on this?
Ciao, Michael.
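
The dispatch order discussed in this thread, as an added example that is not part of the original messages and not slapd source code: a simplified Python model in which the accesslog record is written by an overlay attached to the selected backend. The DN check, the Backend class and the return of noSuchObject when no suffix matches are assumptions made for illustration; only the name select_backend() and the result codes 34 and 32 correspond to real LDAP/slapd terms.

```python
# Simplified model of the dispatch order described in the thread; not slapd source.
import re

INVALID_DN_SYNTAX, NO_SUCH_OBJECT, SUCCESS = 34, 32, 0
RDN = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=[^,=]+$")  # toy check, much cruder than RFC 4514

def normalize_dn(dn):
    """Return the DN as a list of lowercased RDNs, or None if the syntax is invalid."""
    rdns = [r.strip() for r in dn.split(",")]
    if not all(RDN.match(r) for r in rdns):
        return None
    return [r.lower() for r in rdns]

class Backend:
    def __init__(self, suffix, entries):
        self.suffix = normalize_dn(suffix)
        self.entries = {tuple(normalize_dn(e)) for e in entries}
        self.accesslog = []  # stands in for the accesslog overlay stacked on this backend

    def modify(self, rdns, mods):
        code = SUCCESS if tuple(rdns) in self.entries else NO_SUCH_OBJECT
        self.accesslog.append((",".join(rdns), mods, code))  # overlay sees every op that arrives
        return code

def select_backend(backends, rdns):
    """Longest-suffix match; only possible with a valid, normalized DN."""
    hits = [b for b in backends if rdns[-len(b.suffix):] == b.suffix]
    return max(hits, key=lambda b: len(b.suffix), default=None)

def frontend_modify(backends, dn, mods):
    rdns = normalize_dn(dn)
    if rdns is None:
        return INVALID_DN_SYNTAX  # rejected here: no backend, no overlay stack, no log record
    backend = select_backend(backends, rdns)
    if backend is None:
        return NO_SUCH_OBJECT     # simplification for "no backend holds this DN"
    return backend.modify(rdns, mods)

def demo():
    be = Backend("dc=example,dc=com", ["uid=alice,dc=example,dc=com"])
    mods = [("replace", "mail", "a@example.com")]
    codes = [frontend_modify([be], dn, mods) for dn in (
        "uid=alice,dc=example,dc=com",   # constructed: valid DN, entry exists
        "uid=bob,dc=example,dc=com",     # constructed: valid DN, entry missing
        "uid=alice,,dc=example,dc=com",  # constructed: malformed DN
    )]
    return codes, be.accesslog
```

In this model the failed modify for the missing entry still lands in the log because the backend produced the error, while the malformed DN is answered by the frontend and leaves no record.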