
Re: slapo-accesslog: Preserve some attributes of deleted entries in auditDelete entries



Michael Ströder wrote:
> Howard Chu wrote:
>> Michael Ströder wrote:
>>> When using slapo-accesslog in a meta-directory environment you might wanna
>>> query the accesslog database for quickly detecting deleted entries with
>>> (&(objectClass=auditDelete)(reqResult=0)(<time-interval-filter>)) and act
>>> accordingly. Now when receiving this entry of object class auditDelete the
>>> entry referenced by 'reqDN' is already gone. But the primary key used for
>>> synchronization might be some attribute within the deleted entry and not being
>>> part of the DN.
>>>
>>> So it would be helpful to preserve a set of configurable attributes of the
>>> deleted entry in those entries of object class 'auditDelete' in the accesslog
>>> database just like attribute 'reqOld' for modify and modifyDN requests
>>> (configurable with logold/logoldattr).
>>
>> Currently logold already logs the entire entry, so everything you could
>> need is already there.
>
> Ah, ok. I misunderstood slapo-accesslog(5) and thought that this is also only
> done for modify and modifyDN requests. To preserve disk space slapo-accesslog
> could also take logoldattr into account for delete requests.

logoldattr is to specify *additional* attributes beyond the ones already being touched in the modify request. Since delete already logs everything, there is no purpose for it here.

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
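
The lookup discussed in this thread, as an added example that is not part of the original messages or of OpenLDAP: it selects successful auditDelete entries in a time window and reads a synchronization key out of their reqOld values. The sample entries, the cn=accesslog suffix and the use of employeeNumber as the key are assumptions; the key comes back as None when no reqOld was logged for a delete.

```python
# Constructed accesslog entries (sample data); employeeNumber as sync key is an assumption.
SAMPLE = """\
dn: reqStart=20240501120000.000001Z,cn=accesslog
objectClass: auditDelete
reqStart: 20240501120000.000001Z
reqResult: 0
reqDN: uid=jdoe,ou=people,dc=example,dc=com
reqOld: uid: jdoe
reqOld: employeeNumber: 4711

dn: reqStart=20240501120500.000002Z,cn=accesslog
objectClass: auditDelete
reqStart: 20240501120500.000002Z
reqResult: 32
reqDN: uid=ghost,ou=people,dc=example,dc=com

dn: reqStart=20240501121000.000003Z,cn=accesslog
objectClass: auditDelete
reqStart: 20240501121000.000003Z
reqResult: 0
reqDN: cn=tmp,ou=groups,dc=example,dc=com
"""

def parse_ldif(text):
    """Minimal LDIF reader: blank-line separated records, folded lines, no base64."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.replace("\n ", "").splitlines():
            attr, _, value = line.partition(": ")
            entry.setdefault(attr.lower(), []).append(value)
        entries.append(entry)
    return entries

def deleted_keys(entries, key_attr, start, end):
    """Client-side form of (&(objectClass=auditDelete)(reqResult=0)(reqStart>=start)(reqStart<=end))."""
    found = []
    for e in entries:
        if "auditDelete" not in e.get("objectclass", []) or e.get("reqresult") != ["0"]:
            continue
        if not start <= e["reqstart"][0] <= end:
            continue
        # Each reqOld value is "attribute: value" taken from the deleted entry.
        old = {}
        for v in e.get("reqold", []):
            name, _, val = v.partition(": ")
            old.setdefault(name.lower(), []).append(val)
        found.append((e["reqdn"][0], old.get(key_attr.lower(), [None])[0]))
    return found
```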