HI!
In web2ldap when displaying a single entry I have a button which directly forms a filter for searching the audit log (accesslog DB) for the entry based on the attribute 'reqDN'. This is handy but does not work anymore when entries were renamed.
So how about logging the value of entryUUID of an entry affected by a write operation in a separate attribute 'reqEntryUUID'?
Ciao, Michael.
Michael Ströder wrote:
HI!
In web2ldap when displaying a single entry I have a button which directly forms a filter for searching the audit log (accesslog DB) for the entry based on the attribute 'reqDN'. This is handy but does not work anymore when entries were renamed.
So how about logging the value of entryUUID of an entry affected by a write operation in a separate attribute 'reqEntryUUID'?
Just use logoldattr entryUUID.
Don't invent special cases when a general solution already exists...
Howard Chu wrote:
Michael Ströder wrote:
In web2ldap when displaying a single entry I have a button which directly forms a filter for searching the audit log (accesslog DB) for the entry based on the attribute 'reqDN'. This is handy but does not work anymore when entries were renamed.
So how about logging the value of entryUUID of an entry affected by a write operation in a separate attribute 'reqEntryUUID'?
Just use logoldattr entryUUID.
In principle that works with a filter (reqOld=entryUUID: 105da84e-0787-4202-bd70-d4e6d919de48) ...
Don't invent special cases when a general solution already exists...
...but I'd argue that one would probably want to index an searchable attribute like the proposed 'reqEntryUUID'. You'd rather don't want to index 'reqOld', do you?
Ciao, Michael.
-
Howard Chu -
Michael Ströder