HI!
When using slapo-accesslog in a meta-directory environment you might wanna query the accesslog database for quickly detecting deleted entries with (&(objectClass=auditDelete)(reqResult=0)(<time-interval-filter>) and act accordingly. Now when receiving this entry of object class auditDelete the entry referenced by 'reqDN' is already gone. But the primary key used for synchronization might be some attribute within the deleted entry and not being part of the DN.
So it would be helpful to preserve a set of configurable attributes of the deleted entry in those entries of object class 'auditDelete' in the accesslog database just like attribute 'reqOld' for modify and modifyDN requests (configurable with logold/logoldattr).
Ciao, Michael.
Michael Ströder wrote:
HI!
When using slapo-accesslog in a meta-directory environment you might wanna query the accesslog database for quickly detecting deleted entries with (&(objectClass=auditDelete)(reqResult=0)(<time-interval-filter>) and act accordingly. Now when receiving this entry of object class auditDelete the entry referenced by 'reqDN' is already gone. But the primary key used for synchronization might be some attribute within the deleted entry and not being part of the DN.
So it would be helpful to preserve a set of configurable attributes of the deleted entry in those entries of object class 'auditDelete' in the accesslog database just like attribute 'reqOld' for modify and modifyDN requests (configurable with logold/logoldattr).
Currently logold already logs the entire entry, so everything you could need is already there.
Howard Chu wrote:
Michael Ströder wrote:
When using slapo-accesslog in a meta-directory environment you might wanna query the accesslog database for quickly detecting deleted entries with (&(objectClass=auditDelete)(reqResult=0)(<time-interval-filter>) and act accordingly. Now when receiving this entry of object class auditDelete the entry referenced by 'reqDN' is already gone. But the primary key used for synchronization might be some attribute within the deleted entry and not being part of the DN.
So it would be helpful to preserve a set of configurable attributes of the deleted entry in those entries of object class 'auditDelete' in the accesslog database just like attribute 'reqOld' for modify and modifyDN requests (configurable with logold/logoldattr).
Currently logold already logs the entire entry, so everything you could need is already there.
Ah, ok. I misunderstood slapo-accesslog(5) and thought that this is also only done for modify and modifyDN requests. To preserve disk space slapo-accesslog could also take logoldattr into account for delete requests.
Ciao, Michael.
Michael Ströder wrote:
Howard Chu wrote:
Michael Ströder wrote:
When using slapo-accesslog in a meta-directory environment you might wanna query the accesslog database for quickly detecting deleted entries with (&(objectClass=auditDelete)(reqResult=0)(<time-interval-filter>) and act accordingly. Now when receiving this entry of object class auditDelete the entry referenced by 'reqDN' is already gone. But the primary key used for synchronization might be some attribute within the deleted entry and not being part of the DN.
So it would be helpful to preserve a set of configurable attributes of the deleted entry in those entries of object class 'auditDelete' in the accesslog database just like attribute 'reqOld' for modify and modifyDN requests (configurable with logold/logoldattr).
Currently logold already logs the entire entry, so everything you could need is already there.
Ah, ok. I misunderstood slapo-accesslog(5) and thought that this is also only done for modify and modifyDN requests. To preserve disk space slapo-accesslog could also take logoldattr into account for delete requests.
logoldattr is to specify *additional* attributes beyond the ones already being touched in the modify request. Since delete already logs everything, there is no purpose for it here.
-
Howard Chu -
Michael Ströder