Michael Ströder wrote:
Howard Chu wrote:
> Michael Ströder wrote:
>> When using slapo-accesslog in a meta-directory environment you might
>> query the accesslog database for quickly detecting deleted entries with
>> (&(objectClass=auditDelete)(reqResult=0)(<time-interval-filter>) and
>> accordingly. Now when receiving this entry of object class auditDelete
>> entry referenced by 'reqDN' is already gone. But the primary key used
>> synchronization might be some attribute within the deleted entry and
>> not being
>> part of the DN.
>> So it would be helpful to preserve a set of configurable attributes of
>> deleted entry in those entries of object class 'auditDelete' in the
>> database just like attribute 'reqOld' for modify and modifyDN requests
>> (configurable with logold/logoldattr).
> Currently logold already logs the entire entry, so everything you could
> need is already there.
Ah, ok. I misunderstood slapo-accesslog(5) and thought that this is also only
done for modify and modifyDN requests. To preserve disk space slapo-accesslog
could also take logoldattr into account for delete requests.
logoldattr is to specify *additional* attributes beyond the ones already being
touched in the modify request. Since delete already logs everything, there is
no purpose for it here.
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/