Hello,
I try to enable accesslog overlay on a database with the overlay ppolicy enabled (with brute-force protection). My goal is to build an historic of users authentication fails and the effect of the ppolicy overlay on their account.
I enabled accesslog on the database with logging of the "session" operations and in this case, all users authentication fails are stored as modification of the pwdFailureTime attribute. It's great but I also would also like to have an explicit trace of the bind operation failure (with the error message of ppolicy in reqMessage).
I also tried to configure the accesslog overlay on frontend and in this case, I had an explicit trace of the bind failure but no trace of the pwdFailureTime attribute modification.
Finally, I tried to configure the accesslog overlay on both frontend and database levels, but accesslog on database seems to take over the other and the result is identical with accesslog configured only on database level.
Do you known how I could configure the accesslog overlay to log both bind failure and the pwdFailureTime attribute modification ?
Regards,
openldap-technical@openldap.org