Hello,

I have an openldap server as an authentication backend for my organization.

I have a database with my users information. Is this database, I'm using the ppolicy overlay to control my users passwords. I'm also using the acceslog overlay (with its related cn=log database) to keep a log of modifications.

With the ppolicy overlay every mistake of a user in an authentication process triggers a modification in the user entry (for the pwdFailureTime attribute) and this modification triggers a new entry the accesslog database.

My problem is that this accesslog database is storing a huge amount of this entries and I would like to not store these kind of updates.

So my question is if there is any way to exclude some attributes from the accesslog tracking.