Hi,
the accesslog in my production environment is growing quite large which makes backing it up challenging.
The reason is that there are plenty of accesslog entires which originate from slapo-ppolicy (users who can't remember their passwords):
dn: reqStart=20140219033229.000000Z,cn=accesslog reqOld: pwdFailureTime: 20140218152927Z reqOld: pwdFailureTime: 20140218152957Z reqOld: pwdFailureTime: 20140218153027Z reqOld: pwdFailureTime: 20140218153057Z
as I don't need pwdFailureTime in reqOld I would like to exclude this attribute form reqOld.
I is my understanding that: * olcAccessLogOld only allows me to exclude whole user objects from appearing in reqOld (as I need reqOld info for users I can't do this)
olcAccessLogOldAttr - only allows specifying a positive list of attributes that gets logged no matter whether they changed or not.
what I need is something like:
dn: olcOverlay={3}accesslog,olcDatabase={5}mdb,cn=config olcAccessLogOldAttr: !pwdFailureTime
(a way to specify a list of attribs that never get logged even if they have changed)
is there a way I can get rid of the pwdFailureTime in the accesslog?
Best regards,
Marvin Mundry University of Hamburg Regional Computer Center (RRZ) Division Zentrale Dienste Schlueterstrasse 70 20146 Hamburg +49 (0)40 42838-9109