Hello,
i am looking for a way to set an ACL entry for cn=accesslog, which is where i am logging the slapo-accesslog overlay entries to.
I tried to set set it with the following:
dn: olcDatabase{1}mdb,cn=config changeType: modify add: olcAccess alcAccess: to db.base="cn=accesslog" by dn.base="cn=ldap_cleanup,o=<....>" read by * break
This operation works, and i see the intry in my slapd config.
I am still unable to see entries from cn=accesslog.
Regards,
Simon
--On Thursday, February 2, 2023 3:57 PM +0100 Simon Kainz simon.kainz@tugraz.at wrote:
Hello,
i am looking for a way to set an ACL entry for cn=accesslog, which is where i am logging the slapo-accesslog overlay entries to.
I tried to set set it with the following:
dn: olcDatabase{1}mdb,cn=config changeType: modify add: olcAccess alcAccess: to db.base="cn=accesslog" by dn.base="cn=ldap_cleanup,o=<....>" read by * break
This operation works, and i see the intry in my slapd config.
I am still unable to see entries from cn=accesslog.
You've not provided enough information about your environment to determine what, if anything, is incorrect. For example, we've no clue what part of the DIT olcDatabase{1}mdb is configured to hold. Nor what user is being used to query the database, etc.
--Quanah
Simon Kainz simon.kainz@tugraz.at schrieb am 02.02.2023 um 15:57 in Nachricht
ad07ed36-5f24-cd89-32f5-fc6858e05abe@tugraz.at:
Hello,
i am looking for a way to set an ACL entry for cn=accesslog, which is where i am logging the slapo-accesslog overlay entries to.
I tried to set set it with the following:
dn: olcDatabase{1}mdb,cn=config changeType: modify add: olcAccess alcAccess: to db.base="cn=accesslog" by
What if you try "to *" instead? So can you read the auditContainer itself?
dn.base="cn=ldap_cleanup,o=<....>" read by * break
This operation works, and i see the intry in my slapd config.
I am still unable to see entries from cn=accesslog.
Regards,
Simon
Hello,
thank you, i was able to resolve this issue:
Problems were:
1.) I used the incorrect config database: My accesslog config was in olcDatabase{3}, but (as shown in my example) i added olcAccess rules to olcDatabase{1}.
2.) There was already an olcAccess entry without a trailing "break", so my newly added rule was never reached.
It works now, Thank you for your tips.
Regards,
Simon Kainz
Am 03.02.23 um 07:53 schrieb Ulrich Windl:
Simon Kainz simon.kainz@tugraz.at schrieb am 02.02.2023 um 15:57 in Nachricht
ad07ed36-5f24-cd89-32f5-fc6858e05abe@tugraz.at:
Hello,
i am looking for a way to set an ACL entry for cn=accesslog, which is where i am logging the slapo-accesslog overlay entries to.
I tried to set set it with the following:
dn: olcDatabase{1}mdb,cn=config changeType: modify add: olcAccess alcAccess: to db.base="cn=accesslog" by
What if you try "to *" instead? So can you read the auditContainer itself?
dn.base="cn=ldap_cleanup,o=<....>" read by * break
This operation works, and i see the intry in my slapd config.
I am still unable to see entries from cn=accesslog.
Regards,
Simon
openldap-technical@openldap.org
-
Quanah Gibson-Mount -
Simon Kainz -
Ulrich Windl