Bug 724890 - Overlay accesslog option logoldattr doesn't function
Summary: Overlay accesslog option logoldattr doesn't function
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: openldap
Version: 6.1
Hardware: Unspecified
OS: Unspecified
low
low
Target Milestone: rc
: ---
Assignee: Jan Vcelak
QA Contact: BaseOS QE Security Team
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-07-22 08:09 UTC by David Spurek
Modified: 2015-03-02 05:26 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-08-17 13:24:25 UTC
Target Upstream Version:

Attachments (Terms of Use)
Slapd configuration file (1.67 KB, application/octet-stream)
2011-07-22 08:09 UTC, David Spurek 		no flags Details
View All Add an attachment (proposed patch, testcase, etc.)

Description David Spurek 2011-07-22 08:09:14 UTC 
Created attachment 514638 [details]
Slapd configuration file

Description of problem:
Overlay accesslog option logoldattr doesn't function. With this option should be in log old value of specified attribute after modify operation, but it is missing.

Version-Release number of selected component (if applicable):
openldap-servers-2.4.23-15.el6

How reproducible:
always

Steps to Reproduce:
1.slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d/
(slapd.conf is in attachement)
2.add entry
dn: dc=my-domain,dc=com
objectClass: dcObject
objectClass: organization
dc: my-domain
o: my-domain
description: my-domain

dn: cn=Manager,dc=my-domain,dc=com
objectClass: organizationalRole
cn: Manager
description: Directory Manager

dn: cn=usr1,dc=my-domain,dc=com
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
cn: usr1
sn: usr1
mail: usr1
uid: usr1

3.modify mail attribute
dn: cn=usr1, dc=my-domain,dc=com
changetype: modify
replace: mail
mail: usr.mail

4.search log
ldapsearch -LLL -x -b cn=log,dc=my-domain,dc=com
  
Actual results:
Old mail value after modify missing in log.

Expected results:
Old value is in log.

Additional info:
Compare with logold option funcionality, after delete specified objectclass, the old values are in log as reqOld attributes. I expect similar funcionality with logoldattr.
Comment 1 Jan Vcelak 2011-08-17 13:24:25 UTC 
'logoldattr' is expected to work only with 'logold' settings. By default (== if 'logoldattr' is not specified), only the content of attributes that were modified is logged. If 'logoldattr' is present, the specified attributes will be logged as well - even if they were not modified. That is how I understand the slapo-accesslog manual page.

overlay accesslog
logdb cn=log,dc=my-domain,dc=com
logsuccess TRUE
logold (objectClass=person)
logops writes

dn: cn=usr1, dc=my-domain,dc=com
changetype: modify
replace: sn
sn: xxx

dn: reqStart=20110817130440.000000Z,cn=log,dc=my-domain,dc=com
reqOld: sn: usr1
reqOld: entryCSN: 20110817130247.125920Z#000000#000#000000
reqOld: modifiersName: cn=manager,dc=my-domain,dc=com
reqOld: modifyTimestamp: 20110817130247Z

---

overlay accesslog
logdb cn=log,dc=my-domain,dc=com
logsuccess TRUE
logold (objectClass=person)
logoldattr mail
logops writes

dn: cn=usr1, dc=my-domain,dc=com
changetype: modify
replace: sn
sn: xxx

dn: reqStart=20110817130440.000000Z,cn=log,dc=my-domain,dc=com
reqOld: sn: usr1
reqOld: mail: usr1.mail
reqOld: entryCSN: 20110817130247.125920Z#000000#000#000000
reqOld: modifiersName: cn=manager,dc=my-domain,dc=com
reqOld: modifyTimestamp: 20110817130247Z

--

This is a correct behavior. Closing as NOTABUG.
Note You need to log in before you can comment on or make changes to this bug.