Von: Ulrich Windl <Ulrich.Windl(a)rz.uni-regensburg.de>
Gesendet: Do 16.10.2014 13:46
Betreff: Q: accesslog and sessions
I have configured accesslog for modification (attempts) in a multi-master
configuration. Comparing accesslogs after some changes, I find some issues
(openLDAP 2.4.26 of SLES11 SP3):
On the originating server the "reqSession" varies with the connection made,
while on a replication consumer the "reqSession" seems fixed (always 2 in one
'cause of replication.
Also on the originating server I see the authenticated DN in
"reqAuthzID", while on the replication consumer it seems to be always
"cn=Admin,dc=example,dc=org". "reqStart" and "reqEnd" are
also local for the
'cause the repl consumer writes to the database as admin user.
Now at least I have a problem with "reqSession": If you examine accesslog at
some later time, those volatile session IDs don't tell you anything anymore
(e.g. the host that opened the connection). Could acesslog be modified to add
some details from the session (like monitorConnectionPeerAddress,
This woule be a very nice feature, indeed.