[Date Prev][Date Next] [Chronological] [Thread] [Top]

Excluding attributes fom reqOld



Hi,

the accesslog in my production environment is growing quite large which makes backing it up challenging.

The reason is that there are plenty of accesslog entires which originate from slapo-ppolicy (users who can't remember their 
passwords):

dn: reqStart=20140219033229.000000Z,cn=accesslog
reqOld: pwdFailureTime: 20140218152927Z
reqOld: pwdFailureTime: 20140218152957Z
reqOld: pwdFailureTime: 20140218153027Z
reqOld: pwdFailureTime: 20140218153057Z

as I don't need pwdFailureTime in reqOld I would like to exclude this attribute form reqOld.

I is my understanding that:
* olcAccessLogOld
only allows me to exclude whole user objects from appearing in reqOld (as I need reqOld info for users I can't do this)

olcAccessLogOldAttr
- only allows specifying a positive list of attributes that gets logged no matter whether they changed or not.

what I need is something like:

dn: olcOverlay={3}accesslog,olcDatabase={5}mdb,cn=config
olcAccessLogOldAttr: !pwdFailureTime

(a way to specify a list of attribs that never get logged even if they have changed)

is there a way I can get rid of the pwdFailureTime in the accesslog?


Best regards,

Marvin Mundry
University of Hamburg
Regional Computer Center (RRZ)
Division Zentrale Dienste
Schlueterstrasse 70
20146 Hamburg
+49 (0)40 42838-9109

Attachment: smime.p7s
Description: S/MIME cryptographic signature