Hi,
the accesslog in my production environment is growing quite large which makes backing it up challenging.
The reason is that there are plenty of accesslog entires which originate from slapo-ppolicy (users who can't remember their
passwords):
dn: reqStart=20140219033229.000000Z,cn=accesslog
reqOld: pwdFailureTime: 20140218152927Z
reqOld: pwdFailureTime: 20140218152957Z
reqOld: pwdFailureTime: 20140218153027Z
reqOld: pwdFailureTime: 20140218153057Z
as I don't need pwdFailureTime in reqOld I would like to exclude this attribute form reqOld.
I is my understanding that:
* olcAccessLogOld
only allows me to exclude whole user objects from appearing in reqOld (as I need reqOld info for users I can't do this)
olcAccessLogOldAttr
- only allows specifying a positive list of attributes that gets logged no matter whether they changed or not.
what I need is something like:
dn: olcOverlay={3}accesslog,olcDatabase={5}mdb,cn=config
olcAccessLogOldAttr: !pwdFailureTime
(a way to specify a list of attribs that never get logged even if they have changed)
is there a way I can get rid of the pwdFailureTime in the accesslog?
Best regards,
Marvin Mundry
University of Hamburg
Regional Computer Center (RRZ)
Division Zentrale Dienste
Schlueterstrasse 70
20146 Hamburg
+49 (0)40 42838-9109
Attachment:
smime.p7s
Description: S/MIME cryptographic signature