Hi!
Timur Izhbulatov wrote:

Is it possible on OpenLDAP 2.3.18 to trace the changes on the directory, like a new entry or an updated entry? It's not for replication, I just want to build a change log file.

See man slapo-accesslog

I tried this and it works.

database bdb
subordinate
suffix "ou=log,ou=foo,c=de"
directory /opt/mail/var/log-data
index reqStart eq

access to dn.base="ou=log,ou=foo,c=de" by * write
access to dn.subtree="ou=log,foo,c=de" by * write

overlay accesslog
logdb "ou=log,ou=foo,c=de"
logops writes

There are many things wrong here:

But I could define another ACL than the one above (which is very loose), even "by users write" did not work.

=> access_allowed: add access to "ou=log,ou=foo,c=de" "children" requested
[...]
=> dn: [5] ou=log,ou=foo,c=de
=> acl_get: [5] matched
=> acl_get: [5] attr children
=> acl_mask: access to entry "ou=log,ou=foo,c=de", attr "children" requested
=> acl_mask: to all values by "", (=0)
<= check a_dn_pat: users
<= acl_mask: no more <who> clauses, returning =0 (stop)
=> access_allowed: add access denied by =0
bdb_add: no write access to parent
Hans

--
Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
OpenLDAP Core Team http://www.openldap.org/project/