Jan Prinsloo wrote: > I have a standalone openldap 2.4.26 setup. You really should upgrade. > We would like to use the accesslog overlay for auditing. This is a very good idea. Which costs some performance though. > I have enabled the accesslog overlay with olcAccessLogOps = all. This > writes all groups of operations (writes, reads, session) to cn=accesslog > without issues. We would also like to make use of the memberof overlay. The > issue we're seeing is that once you enable the memberof overlay, only > search, unbind, add operations are logged to accesslog. We do not see > delete, modify, modrdn values logged. If I then change the logops to > "olcAccessLogOps = add delete modify modrdn" we see those operations > logged, but no bind, search, unbind operations (ie. no reads or session). I'd suggest to first upgrade to a recent version. After that you could try fiddling with the order of the overlays. Personally I've added slapo-memberof and slapo-refint *after* slapo-accesslog. Ciao, Michael.
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature