I have configured accesslog for modification (attempts) in a multi-master configuration.
Comparing accesslogs after some changes, I find some issues (openLDAP 2.4.26 of SLES11
On the originating server the "reqSession" varies with the connection made,
while on a replication consumer the "reqSession" seems fixed (always 2 in one
case). Also on the originating server I see the authenticated DN in
"reqAuthzID", while on the replication consumer it seems to be always
"cn=Admin,dc=example,dc=org". "reqStart" and "reqEnd" are
also local for the LDAP server.
Now at least I have a problem with "reqSession": If you examine accesslog at
some later time, those volatile session IDs don't tell you anything anymore (e.g. the
host that opened the connection). Could acesslog be modified to add some details from the
session (like monitorConnectionPeerAddress, monitorConnectionStartTime)?