[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Bind DN not logged with GSSAPI binds (ITS#2283)
--On Wednesday, January 22, 2003 1:35 PM -0800 "Kurt D. Zeilenga"
<Kurt@OpenLDAP.org> wrote:
> At 12:56 PM 1/22/2003, quanah@stanford.edu wrote:
>> Okay, I understand your point. I guess what I'm looking at, is the logs
>> don't reflect back to me, where I'm getting my permissions at.
>
> For this, I think, you need to enable ACL logging.
Kurt,
I'll note that this bumps up our logsize from 9 lines per connection to 102
lines for the same simple search (loglevel 384). This is really not
sustainable for us. From an operating perspective on the openldap side, I
can see where the ACL difference is compared to the information that we are
looking for, especially given that it checks what ACL to use for each
attribute. We currently log 9 connections per query on our netscape
systems, and still log approximately 300MB of information per machine (with
9 machines) a day. I think we will simply have to only use this for
debugging.
--Quanah
--
Quanah Gibson-Mount
Senior Systems Administrator
ITSS/TSS/Computing Systems
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html