Quanah Gibson-Mount wrote:
--On Thursday, April 14, 2016 9:25 AM +0200 Ulrich Windl Ulrich.Windl@rz.uni-regensburg.de wrote:
I have configured accesslog to log all changes to an LDAP server, and that seems to work for months. Recently I noticed that there were no new entries for more than a week. Usually there are several entries per day, because with password policy every bad login attempt is logged. As we have three multi-master servers, I wonder whether changes made to other servers and replicated to the local server will be logged by accesslog also. Are the password policy updates (which are somewhat special) also replicated to all servers?
Have you read over the slapo-ppolicy(5) man page?
The "OPERATIONAL ATTRIBUTES" section is interesting. I can't tell how it's supposed to operate in an MMR environment.
Probably Ulrich is referring to the internal write operations sent by slapo-ppolicy setting attribute 'pwdFailureTime'. Those are indeed also written to accesslog database. I also use this to detect failed logins in case I don't want to log all bind operations.
Ciao, Michael.
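
The detection idea in the reply above, as an added example that is not part of the original thread: count failed binds per account from the internal `pwdFailureTime` modifications that slapo-ppolicy leaves in the accesslog database. It assumes the accesslog database was exported to LDIF and uses the suffix `cn=accesslog`; the sample entries are constructed.

```python
from collections import Counter

# Constructed sample: LDIF export of an accesslog database (assumed suffix cn=accesslog).
SAMPLE_LDIF = """\
dn: reqStart=20160414072501.000001Z,cn=accesslog
reqType: modify
reqDN: uid=alice,ou=people,dc=example,dc=com
reqMod: pwdFailureTime:+ 20160414072501Z

dn: reqStart=20160414072630.000001Z,cn=accesslog
reqType: modify
reqDN: uid=alice,ou=people,dc=example,dc=com
reqMod: pwdFailureTime:+ 20160414072630Z

dn: reqStart=20160414080000.000001Z,cn=accesslog
reqType: modify
reqDN: uid=bob,ou=people,dc=example,dc=com
reqMod: mail:= bob@example.com

dn: reqStart=20160414081500.000001Z,cn=accesslog
reqType: modify
reqDN: uid=alice,ou=people,dc=example,dc=com
reqMod: pwdFailureTime:-
"""

def parse_entries(ldif):
    """Split LDIF text into entries mapping attribute -> list of values."""
    entries = []
    # Unfold continuation lines (leading space), then split on blank lines.
    for block in ldif.replace("\n ", "").strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ": " not in line:
                continue
            attr, value = line.split(": ", 1)  # base64 ("::") values are not decoded
            entry.setdefault(attr, []).append(value)
        if entry:
            entries.append(entry)
    return entries

def failed_logins(entries):
    """Count added pwdFailureTime values (one per failed bind) per target DN."""
    counts = Counter()
    for e in entries:
        if e.get("reqType") != ["modify"]:
            continue
        for mod in e.get("reqMod", []):
            if mod.startswith("pwdFailureTime:+ "):  # "-" deletions are ignored
                counts[e["reqDN"][0]] += 1
    return counts
```
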