surnu@alkohol.ee wrote:

i made some test and found that if i use ldapmodify ldapmodify -x -W -ZZ -H 'ldap://example' -D "cn=admin,dc=example"

dn: uid=user,ou=people,dc=example changetype: modify add: autoreply autoreply: TRUE modifying entry "uid=user,ou=people,dc=example"

dn: uid=user,ou=people,dc=example changetype: modify delete: autoreply modifying entry "uid=user,ou=people,dc=example"

and accesslog shows everything correct

dn: reqStart=20061102130447.000000Z,cn=log,dc=example objectClass: auditModify structuralObjectClass: auditModify reqStart: 20061102130447.000000Z reqEnd: 20061102130447.000001Z reqType: modify reqSession: 153 reqAuthzID: cn=admin,dc=example reqDN: uid=user,ou=people,dc=example reqResult: 0 reqMod: autoReply:+ TRUE reqMod: entryCSN:= 20061102130447Z#000000#00#000000 reqMod: modifiersName:= cn=admin,dc=example reqMod: modifyTimestamp:= 20061102130447Z entryUUID: 7658ab48-febe-102a-9f6c-19ea2369af21 creatorsName: cn=log,dc=example createTimestamp: 20061102130447Z entryCSN: 20061102130447Z#000000#00#000000 modifiersName: cn=log,dc=example modifyTimestamp: 20061102130447Z

dn: reqStart=20061102130558.000000Z,cn=log,dc=example objectClass: auditModify structuralObjectClass: auditModify reqStart: 20061102130558.000000Z reqEnd: 20061102130558.000001Z reqType: modify reqSession: 153 reqAuthzID: cn=admin,dc=example reqDN: uid=user,ou=people,dc=example reqResult: 0 reqMod: autoReply:- reqMod: entryCSN:= 20061102130558Z#000000#00#000000 reqMod: modifiersName:= cn=admin,dc=example reqMod: modifyTimestamp:= 20061102130558Z entryUUID: a041e758-febe-102a-9f6d-19ea2369af21 creatorsName: cn=log,dc=example createTimestamp: 20061102130558Z entryCSN: 20061102130558Z#000000#00#000000 modifiersName: cn=log,dc=example modifyTimestamp: 20061102130558Z

but if i do same thing with phpldapadmin or any other php application i get acceslog

dn: reqStart=20061102131503.000002Z,cn=log,dc=example objectClass: auditModify structuralObjectClass: auditModify reqStart: 20061102131503.000002Z reqEnd: 20061102131503.000003Z reqType: modify reqSession: 180 reqAuthzID: uid=user,ou=people,dc=example reqDN: uid=user,ou=people,dc=example reqResult: 0 reqMod: autoReply:+ TRUE reqMod: entryCSN:= 20061102131503Z#000000#00#000000 reqMod: modifiersName:= uid=user,ou=people,dc=example reqMod: modifyTimestamp:= 20061102131503Z entryUUID: e55e6432-febf-102a-9f70-19ea2369af21 creatorsName: cn=log,dc=example createTimestamp: 20061102131503Z entryCSN: 20061102131503Z#000000#00#000000 modifiersName: cn=log,dc=example modifyTimestamp: 20061102131503Z

dn: reqStart=20061102131511.000002Z,cn=log,dc=example objectClass: auditModify structuralObjectClass: auditModify reqStart: 20061102131511.000002Z reqEnd: 20061102131511.000003Z reqType: modify reqSession: 182 reqAuthzID: uid=user,ou=people,dc=example reqDN: uid=user,ou=people,dc=example reqResult: 0 reqMod: entryCSN:= 20061102131511Z#000000#00#000000 reqMod: modifiersName:= uid=user,ou=people,dc=example reqMod: modifyTimestamp:= 20061102131511Z entryUUID: ea4cd596-febf-102a-9f71-19ea2369af21 creatorsName: cn=log,dc=example createTimestamp: 20061102131511Z entryCSN: 20061102131511Z#000000#00#000000 modifiersName: cn=log,dc=example modifyTimestamp: 20061102131511Z

and if using ldap admin (http://ldapadmin.sourceforge.net/) then accesslog is also correct.

Sounds odd; can you provide a log at level "packets" of the request with php? I suspect it's doing something like

dn: uid=user,ou=people,dc=example changetype: modify replace: autoreply -

or

dn: uid=user,ou=people,dc=example changetype: modify delete: autoreply autoreply: TRUE -

which, although semantically equivalent to what you tried, could be handled differently by acesslog(and that would be a bug)

p.

Ing. Pierangelo Masarati OpenLDAP Core Team

SysNet s.n.c. Via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ------------------------------------------ Office: +39.02.23998309 Mobile: +39.333.4963172 Email: pierangelo.masarati@sys-net.it ------------------------------------------