i have a problem with the modules lastbind and access log. Without lastbind modulo i can to audit the login of users finding the bind entries in the accesslog database. My problem is that when i active the lastbind module, this bind entries not appear in access log database. Instead appear modify entries that modify the AUTHTIMESTAMP attribute in the users that did the login, and the reqAuthnz of the modify is the rootDN of the directory. I can change the mode to audit the login finding this new entries, but i want to know if this is the normal funcionality or this a problem in the interaction of both.
Thanks to all.
David Tello wrote:
i have a problem with the modules lastbind and access log. Without lastbind modulo i can to audit the login of users finding the bind entries in the accesslog database. My problem is that when i active the lastbind module, this bind entries not appear in access log database. Instead appear modify entries that modify the AUTHTIMESTAMP attribute in the users that did the login, and the reqAuthnz of the modify is the rootDN of the directory. I can change the mode to audit the login finding this new entries, but i want to know if this is the normal funcionality or this a problem in the interaction of both.
Which OpenLDAP version are you using?
Which overlay order do you have? I use overlay lastbind after accesslog.
Ciao, Michael.
Hi Michael,
I have a old version of OpenLDAP (2.4.10-3), but in few days i will actualize this. Do you think that this may be the cause?
I use overlay lastbind before accesslog, i will change the order to try.
Do you have this configuration running correctly?
Thanks!
On Tue, Nov 11, 2014 at 4:58 PM, Michael Ströder michael@stroeder.com wrote:
David Tello wrote:
i have a problem with the modules lastbind and access log. Without
lastbind
modulo i can to audit the login of users finding the bind entries in the accesslog database. My problem is that when i active the lastbind module, this bind entries not appear in access log database. Instead appear
modify
entries that modify the AUTHTIMESTAMP attribute in the users that did the login, and the reqAuthnz of the modify is the rootDN of the directory. I can change the mode to audit the login finding this new entries, but i
want
to know if this is the normal funcionality or this a problem in the interaction of both.
Which OpenLDAP version are you using?
Which overlay order do you have? I use overlay lastbind after accesslog.
Ciao, Michael.
--On November 11, 2014 at 6:39:35 PM +0100 David Tello david.tello.wbsgo@gmail.com wrote:
Hi Michael,
I have a old version of OpenLDAP (2.4.10-3), but in few days i will actualize this. Do you think that this may be the cause?
I would strongly advise you upgrade ASAP. You should read over http://www.openldap.org/software/release/changes.html and move to 2.4.40 as soon as you can.
--Quanah
Quanah Gibson-Mount wrote:
--On November 11, 2014 at 6:39:35 PM +0100 David Tello david.tello.wbsgo@gmail.com wrote:
I have a old version of OpenLDAP (2.4.10-3), but in few days i will actualize this. Do you think that this may be the cause?
I would strongly advise you upgrade ASAP. You should read over http://www.openldap.org/software/release/changes.html and move to 2.4.40 as soon as you can.
I strongly agree with Quanah. When looking over CHANGES of 2.4.40 you will find a lot of subtle issues with overlays have been fixed during the last years.
Ciao, Michael.
openldap-technical@openldap.org