[Date Prev][Date Next] [Chronological] [Thread] [Top]

overlay accesslog entrydn conflict problem (err=68)



Hi all,
I have a problem with overlay accesslog.
Here is my overlay configuration:

overlay accesslog
logdb dc=log,dc=ciccio.it
logops all
logold (objectclass=inetOrgPerson)
logpurge 10+00:00 08:00
logsuccess FALSE

If I try: ldapwhoami -H ldap://myserver -D "uid=myuser,ou=People,dc=ciccio.it" -W
I obtain this in the log:

Aug 26 12:01:04 myserver slapd-dblog[12708]: conn=1003 op=19 ADD dn="reqStart=20130826100104.000000Z,dc=log,dc=ciccio.it"
Aug 26 12:01:04 myserver slapd-dblog[12708]: conn=1003 op=19 RESULT tag=105 err=0 text=
Aug 26 12:01:04 myserver slapd-dblog[12708]: conn=1005 op=12 ADD dn="reqStart=20130826100104.000000Z,dc=log,dc=ciccio.it"
Aug 26 12:01:04 myserver slapd-dblog[12708]: conn=1005 op=12 RESULT tag=105 err=68 text=
Aug 26 12:01:04 myserver slapd-dblog[12708]: conn=1003 op=20 ADD dn="reqStart=20130826100104.000004Z,dc=log,dc=ciccio.it"
Aug 26 12:01:04 myserver slapd-dblog[12708]: conn=1003 op=20 RESULT tag=105 err=0 text=

And those are the entries in the dblog:
# 20130826100104.000000Z, log.ciccio.it
dn: reqStart=20130826100104.000000Z,dc=log,dc=ciccio.it
objectClass: auditSearch
reqStart: 20130826100104.000000Z
reqEnd: 20130826100104.000001Z
reqType: search
reqSession: 1011
reqAuthzID: cn=Manager,dc=ciccio.it
reqDN: uid=myuser,ou=People,dc=ciccio.it
reqResult: 0
reqScope: base
reqDerefAliases: never
reqAttrsOnly: FALSE
reqFilter: (objectClass=groupOfNames)
reqAttr: member
reqEntries: 0
reqTimeLimit: -1
reqSizeLimit: 1

# 20130826100104.000004Z, log.ciccio.it
dn: reqStart=20130826100104.000004Z,dc=log,dc=ciccio.it
objectClass: auditObject
reqStart: 20130826100104.000004Z
reqEnd: 20130826100104.000005Z
reqType: unbind
reqSession: 1011
reqAuthzID: uid=myuser,ou=People,dc=ciccio.it

Like you can see there are a search and a unbind, but not the bind operation.

I think that err=68 is because ldapwhoami is composed of search, bind, unbind. Since the first two operation are executed at the same time and the dn of a new entry is generated using reqStart, the bind operation takes error 68 (LDAP_ALREADY_EXISTS).

How can I get around this problem? Can I modify generation of entrydn in the dblog? For example compose it in this way: "reqStart=xxxx,reqType=yyyy,dc=log,dc=ciccio.it"

Thanks a lot,
Fabio.