On Wed, Jun 28, 2017 at 05:33:26PM +0200, Michael Ströder wrote:

HI!

I have several accesslog entries with 'reqMod' containing a single colon. :-/

Example (excerpt):

[..] reqMod: aeTicketId:- IAM-31 reqMod:: Og== reqMod: aeTicketId:+ IAM-201 reqMod: member:- uid=foo1,cn=ae,ou=ae-dir reqMod: member:- uid=foo2,cn=ae,ou=ae-dir reqMod:: Og== reqMod: member:+ uid=foo1,cn=ae,ou=ae-dir reqMod: member:+ uid=foo2,cn=ae,ou=ae-dir reqMod: member:+ uid=foo3,cn=ae,ou=ae-dir reqMod: memberUid:- foo1 reqMod: memberUid:- foo2 reqMod:: Og== reqMod: memberUid:+ foo1 reqMod: memberUid:+ foo2 reqMod: memberUid:+ foo3 [..]

(before you ask: An account foo3 added to Æ-DIR user group with hybrid group schema compatible to RFC2307 and RFC2307bis.)

Under which circumstances is slapo-accesslog writing a single colon?

Currently I cannot easily reproduce it and I don't know what was so special about this particular modify operation (sent by web2ldap).

Hi, this is intended and how the issue in ITS#6545 has been fixed.

The operation you are looking at has removed some values, then added other values for the same attribute straight away as another modify within the same op.

Regards,