I enabled the audit log on olcDatabase={1}hdb, but after adding an entry to the LDAP server nothing gets written to the audit log.
1) Ubuntu 14.04
# uname -a
Linux 2c31d748-c6b5-460d-ac5d-38c8ede8845f 3.19.0-56-generic #62~14.04.1-Ubuntu SMP Fri Mar 11 11:03:15 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
2) The module is added to cn=module{0},cn=config
2.1) Add the module
# cat loadModule.ldif
#Load the auditlog modules.
dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: auditlog.la
2.2) Verify
ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config cn=module{0} |grep -v "#"
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module{0}
olcModulePath: /usr/lib/ldap
olcModuleLoad: {0}back_hdb
olcModuleLoad: {1}syncprov
olcModuleLoad: {2}accesslog
olcModuleLoad: {3}auditlog
olcModuleLoad: {4}auditlog.la
3) Add the audit log overlay
3.1)
# cat auditlog.ldif
dn: olcOverlay=auditlog,olcDatabase={1}hdb,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcAuditLogConfig
olcOverlay: auditlog
olcAuditlogFile: /tmp/auditlog.ldif
3.2) Verify:
# ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config olcOverlay={2}auditlog |grep -v "#"
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
dn: olcOverlay={2}auditlog,olcDatabase={1}hdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcAuditlogConfig
olcOverlay: {2}auditlog
olcAuditlogFile: /tmp/auditlog.ldif
dn: olcOverlay={1}auditlog,olcDatabase={2}hdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcAuditlogConfig
olcOverlay: {1}auditlog
olcAuditlogFile: /var/log/slapd/auditlog.out
search: 2
result: 0 Success
4) Adding an entry writes nothing to the audit log
# ldapadd -x -h localhost -D cn=admin,ou=people,dc=company,dc=com -w password -f tester01.ldif
adding new entry "cn=tester01,ou=people,dc=company,dc=com"
root@2c31d748-c6b5-460d-ac5d-38c8ede8845f:~# ls -l /tmp/auditlog.ldif
-rwxrwxrwx 1 openldap openldap **0** Aug 8 23:59 /tmp/auditlog.ldif
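The cn=config dump above shows two auditlog overlays, each attached to a different database (olcDatabase={1}hdb and olcDatabase={2}hdb) and each writing to a different file, so it is worth mapping every overlay to the suffix of the database it sits under before looking for output in a given file. The following is an added diagnostic, not code from the question: it parses a constructed cn=config dump modelled on the output above; the olcSuffix values dc=example,dc=org and dc=company,dc=com are assumptions, since the question does not show them.

```python
# Added diagnostic example, not code from the question. Parses a cn=config
# dump (constructed below, modelled on the question's output) and reports the
# audit log file each database's changes go to. The olcSuffix values are assumed.
SAMPLE_DUMP = """\
dn: olcDatabase={1}hdb,cn=config
olcSuffix: dc=example,dc=org

dn: olcOverlay={2}auditlog,olcDatabase={1}hdb,cn=config
olcAuditlogFile: /tmp/auditlog.ldif

dn: olcDatabase={2}hdb,cn=config
olcSuffix: dc=company,dc=com

dn: olcOverlay={1}auditlog,olcDatabase={2}hdb,cn=config
olcAuditlogFile: /var/log/slapd/auditlog.out
"""

def parse_ldif(text):
    """Return [(dn, {attr: [values]})]; unfolds continuation lines, skips comments."""
    entries, current = [], None
    for line in text.replace("\n ", "").splitlines() + [""]:  # "" flushes last entry
        if not line:
            if current:
                entries.append(current)
            current = None
        elif not line.startswith("#"):
            attr, _, value = line.partition(":")
            if attr == "dn":
                current = (value.strip(), {})
            elif current is not None:
                current[1].setdefault(attr, []).append(value.strip())
    return entries

def auditlog_targets(text):
    """Map each database suffix to the audit log file its overlay writes."""
    entries = parse_ldif(text)
    suffix_of = {dn: a["olcSuffix"][0] for dn, a in entries if "olcSuffix" in a}
    targets = {}
    for dn, attrs in entries:
        if "olcAuditlogFile" in attrs:      # parent DN is the database entry
            parent = dn.split(",", 1)[1]
            targets[suffix_of.get(parent, parent)] = attrs["olcAuditlogFile"][0]
    return targets

def log_for_entry(text, entry_dn):
    """Audit log file that records changes to entry_dn (longest suffix wins)."""
    matches = [(len(s), f) for s, f in auditlog_targets(text).items()
               if entry_dn.lower().endswith("," + s.lower())]
    return max(matches)[1] if matches else None
```

Feed it the real output of `ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config` (with the `#` comment lines left in, they are skipped) and call `log_for_entry` with the DN you just added to see which file that database's overlay is configured to write.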