[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Trace the change on the directory [auf Viren überprüft]
Hi!
Timur Izhbulatov schrieb:
Is it possible on openLdap 2.3.18 to trace the change on the directory like the new entry or updated entry ? it's not for replication , I just want to build a change log file.
See man slapo-accesslog
I tried this and it works.
database bdb
subordinate
suffix "ou=log,ou=foo,c=de"
directory /opt/mail/var/log-data
index reqStart eq
access to dn.base="ou=log,ou=foo,c=de"
by * write
access to dn.subtree="ou=log,foo,c=de"
by * write
overlay accesslog
logdb "ou=log,ou=foo,c=de"
logops writes
But I could define another acl then the one above (which is very loose),
even "by users write" did not work.
=> access_allowed: add access to "ou=log,ou=foo,c=de" "children" requested
[...]
=> dn: [5] ou=log,ou=foo,c=de
=> acl_get: [5] matched
=> acl_get: [5] attr children
=> acl_mask: access to entry "ou=log,ou=foo,c=de", attr "children" requested
=> acl_mask: to all values by "", (=0)
<= check a_dn_pat: users
<= acl_mask: no more <who> clauses, returning =0 (stop)
=> access_allowed: add access denied by =0
bdb_add: no write access to parent
Hans