| Summary: | Overlay accesslog option logoldattr doesn't function | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | David Spurek <dspurek> | ||||
| Component: | openldap | Assignee: | Jan Vcelak <jvcelak> | ||||
| Status: | CLOSED NOTABUG | QA Contact: | BaseOS QE Security Team <qe-baseos-security> | ||||
| Severity: | low | Docs Contact: | |||||
| Priority: | low | ||||||
| Version: | 6.1 | CC: | dspurek, ebenes, jplans, jvcelak, omoris, tsmetana | ||||
| Target Milestone: | rc | ||||||
| Target Release: | --- | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2011-08-17 13:24:25 UTC | Type: | --- | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Attachments: |
|
||||||
'logoldattr' is expected to work only with 'logold' settings. By default (== if 'logoldattr' is not specified), only the content of attributes that were modified is logged. If 'logoldattr' is present, the specified attributes will be logged as well - even if they were not modified. That is how I understand the slapo-accesslog manual page. overlay accesslog logdb cn=log,dc=my-domain,dc=com logsuccess TRUE logold (objectClass=person) logops writes dn: cn=usr1, dc=my-domain,dc=com changetype: modify replace: sn sn: xxx dn: reqStart=20110817130440.000000Z,cn=log,dc=my-domain,dc=com reqOld: sn: usr1 reqOld: entryCSN: 20110817130247.125920Z#000000#000#000000 reqOld: modifiersName: cn=manager,dc=my-domain,dc=com reqOld: modifyTimestamp: 20110817130247Z --- overlay accesslog logdb cn=log,dc=my-domain,dc=com logsuccess TRUE logold (objectClass=person) logoldattr mail logops writes dn: cn=usr1, dc=my-domain,dc=com changetype: modify replace: sn sn: xxx dn: reqStart=20110817130440.000000Z,cn=log,dc=my-domain,dc=com reqOld: sn: usr1 reqOld: mail: usr1.mail reqOld: entryCSN: 20110817130247.125920Z#000000#000#000000 reqOld: modifiersName: cn=manager,dc=my-domain,dc=com reqOld: modifyTimestamp: 20110817130247Z -- This is a correct behavior. Closing as NOTABUG. |
Created attachment 514638 [details] Slapd configuration file Description of problem: Overlay accesslog option logoldattr doesn't function. With this option should be in log old value of specified attribute after modify operation, but it is missing. Version-Release number of selected component (if applicable): openldap-servers-2.4.23-15.el6 How reproducible: always Steps to Reproduce: 1.slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d/ (slapd.conf is in attachement) 2.add entry dn: dc=my-domain,dc=com objectClass: dcObject objectClass: organization dc: my-domain o: my-domain description: my-domain dn: cn=Manager,dc=my-domain,dc=com objectClass: organizationalRole cn: Manager description: Directory Manager dn: cn=usr1,dc=my-domain,dc=com objectClass: inetOrgPerson objectClass: organizationalPerson objectClass: person objectClass: top cn: usr1 sn: usr1 mail: usr1 uid: usr1 3.modify mail attribute dn: cn=usr1, dc=my-domain,dc=com changetype: modify replace: mail mail: usr.mail 4.search log ldapsearch -LLL -x -b cn=log,dc=my-domain,dc=com Actual results: Old mail value after modify missing in log. Expected results: Old value is in log. Additional info: Compare with logold option funcionality, after delete specified objectclass, the old values are in log as reqOld attributes. I expect similar funcionality with logoldattr.