Hi everyone!
If there is no log setting in slapd.conf, can I check in the syslog who deleted a certain user account?
On 03. June 2015 21:03, Elias Pereira wrote:
If there is no log setting in slapd.conf, can I check in the syslog who deleted a certain user account?
The default slapd loglevel 'stats' is sufficient for that, but whether it got logged anywhere depends on your syslog settings.
By default, slapd uses syslog user.level = local4.debug. The slapd command line might override, see man slapd. So if your /etc/syslog.conf (or whatever your OS calls it) has "local4.* -/some/file.log" or somesuch, then you can find the change and trace the connection ID 'conn=<number>' back to the previous Bind or to the ACCEPT.
Elias Pereira wrote:
If there is no log setting in slapd.conf, can I check in the syslog who deleted a certain user account?
Default 'loglevel' is 'stats'. You can see log lines with DEL but you have to trace connection number to find the accompanying BIND.
I'd recommend using slapo-accesslog [1] for a really decent audit log:
[1] http://www.openldap.org/software/man.cgi?query=slapo-accesslog
Ciao, Michael.
openldap-technical@openldap.org
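The conn= tracing that both replies describe, as an added example that is not part of the original thread: it pairs each DEL with its RESULT, then reports the bind DN and client address in effect on that connection. The function name `who_deleted`, the sample log lines and the 15-character traditional syslog timestamp are assumptions made for the illustration.

```python
import re
# Constructed sample of slapd loglevel 'stats' output in syslog (not from the thread).
SAMPLE_LOG = """\
Jun  3 20:51:02 ldap1 slapd[1234]: conn=1001 fd=14 ACCEPT from IP=192.0.2.10:51234 (IP=0.0.0.0:389)
Jun  3 20:51:02 ldap1 slapd[1234]: conn=1001 op=0 BIND dn="cn=admin,dc=example,dc=com" method=128
Jun  3 20:51:02 ldap1 slapd[1234]: conn=1002 fd=15 ACCEPT from IP=192.0.2.77:40000 (IP=0.0.0.0:389)
Jun  3 20:51:02 ldap1 slapd[1234]: conn=1001 op=0 BIND dn="cn=admin,dc=example,dc=com" mech=SIMPLE ssf=0
Jun  3 20:51:02 ldap1 slapd[1234]: conn=1001 op=0 RESULT tag=97 err=0 text=
Jun  3 20:51:03 ldap1 slapd[1234]: conn=1002 op=0 BIND dn="uid=guest,ou=People,dc=example,dc=com" method=128
Jun  3 20:51:03 ldap1 slapd[1234]: conn=1002 op=0 RESULT tag=97 err=49 text=
Jun  3 20:51:04 ldap1 slapd[1234]: conn=1002 op=1 DEL dn="uid=jdoe,ou=People,dc=example,dc=com"
Jun  3 20:51:04 ldap1 slapd[1234]: conn=1002 op=1 RESULT tag=107 err=50 text=
Jun  3 20:51:05 ldap1 slapd[1234]: conn=1001 op=1 DEL dn="uid=jdoe,ou=People,dc=example,dc=com"
Jun  3 20:51:05 ldap1 slapd[1234]: conn=1001 op=1 RESULT tag=107 err=0 text=
"""

LINE = re.compile(r'conn=(\d+) (?:fd=\d+ ACCEPT from IP=(\S+)|op=(\d+) (BIND|DEL|RESULT) (.*))')
DN = re.compile(r'dn="([^"]*)"')
ERR = re.compile(r'\berr=(\d+)')

def who_deleted(log_text):
    """Return one record per successful DEL with the bind DN and peer of its connection."""
    conns, pending, found = {}, {}, []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        conn, peer, op, verb, rest = m.groups()
        if peer:
            # ACCEPT starts fresh state; conn numbers restart when slapd restarts.
            conns[conn] = {"peer": peer, "bind_dn": ""}
            continue
        state = conns.setdefault(conn, {"peer": None, "bind_dn": ""})
        dn, err = DN.search(rest), ERR.search(rest)
        if verb in ("BIND", "DEL") and dn:
            pending[conn, op] = (verb, dn.group(1), line[:15])
        elif verb == "RESULT" and err and (conn, op) in pending:
            kind, target, when = pending.pop((conn, op))
            ok = err.group(1) == "0"
            if kind == "BIND":
                # A failed bind leaves the connection anonymous (empty DN).
                state["bind_dn"] = target if ok else ""
            elif ok:
                found.append({"when": when, "deleted": target, "conn": conn,
                              "by": state["bind_dn"], "from": state["peer"]})
    return found

if __name__ == "__main__":
    print(who_deleted(SAMPLE_LOG))
```

An empty "by" value means the delete was done on an anonymous connection, and a "from" of None means the ACCEPT line for that connection was not in the log text supplied (for example, it was rotated out).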