Hi, the accesslog in my production environment is growing quite large which makes backing it up challenging. The reason is that there are plenty of accesslog entires which originate from slapo-ppolicy (users who can't remember their passwords): dn: reqStart=20140219033229.000000Z,cn=accesslog reqOld: pwdFailureTime: 20140218152927Z reqOld: pwdFailureTime: 20140218152957Z reqOld: pwdFailureTime: 20140218153027Z reqOld: pwdFailureTime: 20140218153057Z as I don't need pwdFailureTime in reqOld I would like to exclude this attribute form reqOld. I is my understanding that: * olcAccessLogOld only allows me to exclude whole user objects from appearing in reqOld (as I need reqOld info for users I can't do this) olcAccessLogOldAttr - only allows specifying a positive list of attributes that gets logged no matter whether they changed or not. what I need is something like: dn: olcOverlay={3}accesslog,olcDatabase={5}mdb,cn=config olcAccessLogOldAttr: !pwdFailureTime (a way to specify a list of attribs that never get logged even if they have changed) is there a way I can get rid of the pwdFailureTime in the accesslog? Best regards, Marvin Mundry University of Hamburg Regional Computer Center (RRZ) Division Zentrale Dienste Schlueterstrasse 70 20146 Hamburg +49 (0)40 42838-9109
Attachment:
smime.p7s
Description: S/MIME cryptographic signature