Howard Chu wrote:
> A. Schulze wrote:
>> this is my third and last patch I send today :-)
>>
>> I compiled openldap with '--enable-rlookups' and set 'reverse-lookup on' in
>> slapd.conf
>> I like to see the remote hostname logged. That didn't work somehow.
>> ( I wrote this patch months ago and could not describe the real problem anymore)
>>
>>
>> Anyway: the patch modifies log output:
>>
>> reverse-lookup off:
>> conn=4846 fd=42 ACCEPT from IP=127.0.0.1:46058 (IP=127.0.0.1:389)
>>
>> reverse-lookup on:
>> conn=4191 fd=18 ACCEPT from localhost (IP=127.0.0.1:389)
>>
>> I never tested with ldapi:// connections.
>> Also I expect the patch is not optimal for performance. But it works here in a
>> small environment.
>
> Indeed, in a busy environment the DNS resolver itself is too slow for slapd.
> I've got no particular comment on this patch since I never enable reverse
> lookups. But IMO, this sort of thing is best left to a logfile postprocessor,
> because handling it directly in slapd will be too slow.

I wholeheartedly agree. Maybe this feature should be removed in 2.5 to make that
really clear. Likely this would also hunk out ACLs based on hostnames. But
that's a pretty dangerous feature anyway.

Ciao, Michael.
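The logfile-postprocessor approach suggested in the thread, as an added example that is not part of the original messages or of OpenLDAP: it appends a hostname to ACCEPT lines only when the PTR name resolves back to the same address, and caches one result per address. The `Annotator` class, the `host=` suffix and the IPv4-only pattern (taken from the log lines quoted above) are assumptions of this sketch.

```python
import re
import socket

# ACCEPT line as quoted in the thread with reverse-lookup off (IPv4 only).
ACCEPT_RE = re.compile(r"ACCEPT from IP=(\d{1,3}(?:\.\d{1,3}){3}):\d+ \(IP=")
SAFE_NAME = re.compile(r"[A-Za-z0-9._-]{1,253}")

def system_ptr(ip):
    """Reverse (PTR) lookup through the system resolver; None on failure."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def system_forward(name):
    """Forward lookup; the set of IPv4 addresses the name resolves to."""
    try:
        return set(socket.gethostbyname_ex(name)[2])
    except OSError:
        return set()

class Annotator:
    """Appends host=<name> to ACCEPT lines, outside slapd's request path."""

    def __init__(self, ptr=system_ptr, forward=system_forward):
        self.ptr, self.forward = ptr, forward
        self.cache = {}  # ip -> confirmed name or None; one lookup per address

    def hostname(self, ip):
        if ip not in self.cache:
            name = self.ptr(ip)
            # The PTR record is set by whoever controls the reverse zone, so
            # keep the name only if it resolves back to the same address and
            # contains nothing that could forge log fields.
            ok = (name is not None and SAFE_NAME.fullmatch(name)
                  and ip in self.forward(name))
            self.cache[ip] = name if ok else None
        return self.cache[ip]

    def annotate(self, line):
        line = line.rstrip("\n")
        m = ACCEPT_RE.search(line)
        name = self.hostname(m.group(1)) if m else None
        return f"{line} host={name}" if name else line

if __name__ == "__main__":
    import sys
    annotator = Annotator()
    for raw in sys.stdin:
        print(annotator.annotate(raw))
```

Run as a filter over the slapd log on stdin; the original IP and port stay in every line, so the unverified-name case loses nothing.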