Howard Chu wrote:
> It seems that modify requests which failed due to Invalid DN syntax (34) are
> written to accesslog-DB. I guess that those requests get abandoned by the
> frontend and never reach the backend at all.
> It would be handy to see the invalid modify request in the accesslog-DB though.
> Any chance to achieve this?
Not likely. The frontend must call select_backend() based on the incoming DN
to determine which backend to invoke, and thus which stack of overlays are
involved. If the DN is invalid, no selection can occur.
Hmm, I've done some more tests. Invalid syntax (21) also does not make it
beyond the frontend into accesslog-DB.
I have no clear opinion on this. Of course the current behaviour is good for
performance. But sometimes one would like to observe what broken LDAP clients
sent in a modify request in the past.
Also running with BER loglevel or breaking up the TLS connection with stunnel
and sniff with Wireshark is not always an option.
Having this configurable would be great.
What's your opinion on this?