[Date Prev][Date Next] [Chronological] [Thread] [Top]

accesslog search filter using reqAttr

To: openldap-technical@openldap.org
Subject: accesslog search filter using reqAttr
From: "John Alex." <alexoz66@gmail.com>
Date: Tue, 02 Sep 2014 12:58:12 +0300
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:subject :content-type:content-transfer-encoding; bh=3QNOe2G1SKQnHh1U8nijZZkf+e2U+GpPVqgtPjjDe34=; b=rmyXmRw8WpXsIVcXPepUbrbUo8dFRkX6bhF1iA9NDNaFr+q9EVDEd5RWq4wG/nU1Ix kOAqpnA7U/bZ6p7JGNWdbkfdEqo6uMo5/v05aNMbcUo9MaUGnIMil+YWCXsPPeSXu8mu a/prymW5xCKEeuJXO6TGUfu5eU5tLz6NolR4UdFFpJ803J6WzzZzgj34C074rNlF1aIM HujqaGvnTFYqIOugfgKtgssctHwaBg/R/S5f7GVTYNP/NsiKQvZApgTrSzs3Rl4kbR5U 0NnUXd1YMCtj53zHzl9GM141gbhaP/MpZaiAOFMc8SwrACzOuXzwZ6l11Lx4fWV/+oIl LdRg==
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.6.0

Hi all,

Is anyone using "reqAttr" of accesslog overlay to find ldap requests for specific attributes?

Our accesslog db contains some entries like for example:

dn: reqStart=20140902092840.000001Z,cn=accesslog
objectClass: auditSearch
reqStart: 20140902092840.000001Z
reqEnd: 20140902092840.000002Z
reqType: search
reqSession: 1018
reqAuthzID: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
reqDN: dc=example,dc=com
reqResult: 0
reqScope: sub
reqDerefAliases: never
reqAttrsOnly: FALSE
reqFilter: (objectClass=*)
reqAttr: userPassword
reqEntries: 7
reqTimeLimit: 3600
reqSizeLimit: 500

I am trying to search using the filter "(reqAttr=userPassword)" but no results are
returned, while "(reqAttr=*)" returns all entries. What am I missing?

Using version 2.4.39

John

Follow-Ups:
- Re: accesslog search filter using reqAttr
  - From: "John Alex." <alexoz66@gmail.com>

Prev by Date: accesslog-based consumer stuck on objectClass modify on provider
Next by Date: FW: Openldap search results varies with search base
Index(es):
- Chronological
- Thread