On Thu, Apr 24, 2025 at 07:04:46AM +0000, Windl, Ulrich wrote:
Hi!
Debugging issues with my OpenLDAP configuration I inspected the changelog. One entry had some "odd" values (IMHO). Consider this example:
dn: reqStart=20250423131324.000185Z,cn=audit objectClass: auditModify reqType: modify reqDN: olcDatabase={4}mdb,cn=config reqResult: 0 reqMod: entryCSN:= 20250423131324.377585Z#000000#005#000000 reqMod: modifyTimestamp:= 20250423131324Z
The change in entryCSN and modifyTimestamp are: OLD: 20250423131324.038419Z#000000#005#000000 NEW: 20250423131324.377585Z#000000#005#000000 OLD: 20250423131324Z NEW: 20250423131324Z
So the change happened within the same second, and modifyTimestamp did not actually change. So the question is kind of philosophical: Are attibutes logged as changed when actually they did not change? This would apply to modifyTimestamp and modifyTimestamp in this case.
Hi Ulrich, the accesslog main purpose is to serve as an auditable record of operations performed. As such it records what has been requested (e.g. set modifyTimestamp attribute to "20250423131324Z"), even if it ended up being a noop for some reason like in your case.
Incidentally, it is also usable as a replication source, which deltasync exploits.
Regards,