The hidden log features of ns-slapd
This week I discovered (Or dug up: ns-slapd is old) that we have two hidden logging features. In fact searching for one of them yields no results, searching the other shows a document that says it's undocumented.
This post hopes to rectify that.
In ns-slapd, during a normal operation you can see what a connected client is searching in the access log, or what they are changing based on the audit log.
If on a configuration for a plugin you need to diagnose these operations you can't do this... At least that's what the documentation tells you.
You can enable logging for search operations on a plugin through the value:
You can enabled logging for mod/modrdn/del/add operations on a plugin through the value:
This will yield logs such as:
time: 20151204143353 dn: uid=test1,ou=People,dc=example,dc=com result: 0 changetype: modify delete: memberOf - replace: modifiersname modifiersname: cn=MemberOf Plugin,cn=plugins,cn=config - replace: modifytimestamp modifytimestamp: 20151204043353Z - time: 20151204143353 dn: cn=Test Managers,ou=Groups,dc=example,dc=com result: 0 changetype: modify delete: member member: uid=test1,ou=People,dc=example,dc=com - replace: modifiersname modifiersname: cn=directory manager - replace: modifytimestamp modifytimestamp: 20151204043353Z -
Finally, a new option has been added that will enable both on all plugins in the server.
All of these configurations are bound by and respect the following settings:
nsslapd-accesslog-logging-enabled nsslapd-auditlog-logging-enabled nsslapd-auditfaillog-logging-enabled