[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Bind DN not logged with GSSAPI binds (ITS#2283)

To: openldap-its@OpenLDAP.org
Subject: Re: Bind DN not logged with GSSAPI binds (ITS#2283)
From: quanah@stanford.edu
Date: Wed, 22 Jan 2003 22:27:50 GMT

--On Wednesday, January 22, 2003 1:35 PM -0800 "Kurt D. Zeilenga" 
<Kurt@OpenLDAP.org> wrote:

> At 12:56 PM 1/22/2003, quanah@stanford.edu wrote:
>> Okay, I understand your point.  I guess what I'm looking at, is the logs
>> don't reflect back to me, where I'm getting my permissions at.
>
> For this, I think, you need to enable ACL logging.

Kurt,

I'll note that this bumps up our logsize from 9 lines per connection to 102 
lines for the same simple search (loglevel 384).  This is really not 
sustainable for us.  From an operating perspective on the openldap side, I 
can see where the ACL difference is compared to the information that we are 
looking for, especially given that it checks what ACL to use for each 
attribute.  We currently log 9 connections per query on our netscape 
systems, and still log approximately 300MB of information per machine (with 
9 machines) a day.  I think we will simply have to only use this for 
debugging.

--Quanah

--
Quanah Gibson-Mount
Senior Systems Administrator
ITSS/TSS/Computing Systems
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

Prev by Date: Re: Bind DN not logged with GSSAPI binds (ITS#2283)
Next by Date: Re: Bind DN not logged with GSSAPI binds (ITS#2283)
Index(es):
- Chronological
- Thread