Re: Trace the change on the directory [checked for viruses]
Hi Howard!
Howard Chu wrote:
> There are many things wrong here:
> 1. The overlay is supposed to go on some other database, not the
> database that stores the log records.
You mean: "Don't log changes from ou=log in ou=log!"?
I snipped out the main db. This is the db I want to be logged (which
worked).
database bdb
suffix "ou=foo,c=de"
rootdn "cn=gen.man,ou=foo,c=de"
rootpw nothing
directory /opt/mail/var/main-data
# Indices to maintain
[...]
logdb "ou=log,ou=foo,c=de"
logops writes
> 2. The slapo-accesslog(5) manpage also tells you specifically not to
> allow general write access to the log database.
I did not try 2.3.24 but 2.3.19, and can't find it there, either in the
man page or on the web.
> 3. You should always index objectclass eq.
Ok.
> 4. You should always provide a rootdn.
Ok.
[compare - isn't that a contradiction to ?
->
http://www.openldap.org/software/man.cgi?query=slapd.conf&apropos=0&sektion=0&manpath=OpenLDAP+2.3-Release&format=html
"It is recommended that the rootdn only be specified when needed
(such as when initially populating a database). If the rootdn is
within a namingContext (suffix) of the database, a simple bind
password may also be provided using the rootpw directive. Note that the
rootdn is always needed when using syncrepl."]
Now it works without the acls.
Thanks for clarifying that.
Hans