Hi all, I have a problem with overlay accesslog. Here is my overlay configuration:
overlay accesslog logdb dc=log,dc=ciccio.it logops all logold (objectclass=inetOrgPerson) logpurge 10+00:00 08:00 logsuccess FALSE
If I try: ldapwhoami -H ldap://myserver -D "uid=myuser,ou=People,dc= ciccio.it" -W I obtain this in the log:
Aug 26 12:01:04 myserver slapd-dblog[12708]: conn=1003 op=19 ADD dn="reqStart=20130826100104.000000Z,dc=log,dc=ciccio.it" Aug 26 12:01:04 myserver slapd-dblog[12708]: conn=1003 op=19 RESULT tag=105 err=0 text= Aug 26 12:01:04 myserver slapd-dblog[12708]: conn=1005 op=12 ADD dn="reqStart=20130826100104.000000Z,dc=log,dc=ciccio.it" Aug 26 12:01:04 myserver slapd-dblog[12708]: conn=1005 op=12 RESULT tag=105 err=68 text= Aug 26 12:01:04 myserver slapd-dblog[12708]: conn=1003 op=20 ADD dn="reqStart=20130826100104.000004Z,dc=log,dc=ciccio.it" Aug 26 12:01:04 myserver slapd-dblog[12708]: conn=1003 op=20 RESULT tag=105 err=0 text=
And those are the entries in the dblog: # 20130826100104.000000Z, log.ciccio.it dn: reqStart=20130826100104.000000Z,dc=log,dc=ciccio.it objectClass: auditSearch reqStart: 20130826100104.000000Z reqEnd: 20130826100104.000001Z reqType: search reqSession: 1011 reqAuthzID: cn=Manager,dc=ciccio.it reqDN: uid=myuser,ou=People,dc=ciccio.it reqResult: 0 reqScope: base reqDerefAliases: never reqAttrsOnly: FALSE reqFilter: (objectClass=groupOfNames) reqAttr: member reqEntries: 0 reqTimeLimit: -1 reqSizeLimit: 1
# 20130826100104.000004Z, log.ciccio.it dn: reqStart=20130826100104.000004Z,dc=log,dc=ciccio.it objectClass: auditObject reqStart: 20130826100104.000004Z reqEnd: 20130826100104.000005Z reqType: unbind reqSession: 1011 reqAuthzID: uid=myuser,ou=People,dc=ciccio.it
Like you can see there are a search and a unbind, but not the bind operation.
I think that err=68 is because ldapwhoami is composed of search, bind, unbind. Since the first two operation are executed at the same time and the dn of a new entry is generated using reqStart, the bind operation takes error 68 (LDAP_ALREADY_EXISTS).
How can I get around this problem? Can I modify generation of entrydn in the dblog? For example compose it in this way: "reqStart=xxxx,reqType=yyyy,dc=log,dc=ciccio.it"
Thanks a lot, Fabio.