--On Monday, August 19, 2019 1:21 PM +0200 Ulrich Windl Ulrich.Windl@rz.uni-regensburg.de wrote:
Hi!
I have a question preparing a transition of syncrepl to delta-syncrepl: Our database already has an accesslog overlay (olcAccessLogOps: writes) and a corresponding database configured for monitoring purposes.
You haven't noted the value for olcAccessLogSuccess. Generally for delta-syncrepl *only* databases, this is set to TRUE. However, that's not mandatory (see the end for why).
Now that delta syncreply also requires an accesslog overlay/database with somewhat different setting compared to the existing database, I wonder whether it's possible (and practically being used/proven to work) to have multiple accesslog overlays.
Since each overlay instantiation specifically defines which accesslog database to log to, yes you can do this, but...
Thinking about it, I also wonder whether both needs for accesslog could be satisfied with one accesslog database, just using different LDAP filters. I guess the delta syncreply is using the acesslog database in a read-only manner (our monitoring also does), so it might actually work.
The accesslog DB is read-only by definition. But yes, as long as writes are being logged, then you could use it for delta-syncrepl. The filter on the consumer side already limits it to only consume successful write ops:
logfilter="(&(objectClass=auditWriteObject)(reqResult=0))"
Regards, Quanah
--
Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com