5420e15 Ticket 48145 - RFE Add log file for rejected changes

Authored and Committed by William Brown 8 years ago
    Ticket 48145 - RFE Add log file for rejected changes
    https://fedorahosted.org/389/ticket/48145
    http://www.port389.org/docs/389ds/design/audit_improvement.html
    
    Bug Description:   Add log file for rejected changes: This will help with
    debugging third-party and other applications that are failing to connect to
    or work correctly with LDAP servers.
    
    Fix Description:  The bulk of this code is duplication of existing audit log
    code. The remainder that is new is configuration items in schema, an update
    to the template dse.ldif for installation, hooking in add.c, delete.c,
    modify.c and modrdn.c. Finally, we extract the return code in
    write_auditfail_log_entry and insert this into the fail log.
    
    You can enable this with:
    
    cn=config
    nsslapd-auditfaillog-logging-enabled: on
    
    The auditfail log is:
    
    var/log/dirsrv/slapd-%instance%/auditfail
    
    And contains entries such as:
    
    time: 20151111152800
    dn: uid=test,dc=example,dc=com
    result: 65
    changetype: modify
    replace: objectClass
    objectClass: account
    objectClass: posixGroup
    objectClass: simpleSecurityObject
    objectClass: top
    -
    
    Note the result maps to the LDAP result code, in this case 65 == 0x41
    LDAP_OBJECT_CLASS_VIOLATION     0x41
    
    Author: wibrown
    
    Review by: mreynolds, nhosoi (Thanks!)
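
The entry format shown in the commit message can be parsed for triage of rejected changes. The following is an added example, not code from this commit or from 389 Directory Server. It assumes entries are separated by blank lines, and the names `parse_auditfail` and `summarize` are hypothetical. The second sample entry is constructed.

```python
import re
from collections import Counter

# Subset of LDAP result codes (ldap.h names); 65 is the one from the commit message.
LDAP_RESULTS = {32: "LDAP_NO_SUCH_OBJECT", 50: "LDAP_INSUFFICIENT_ACCESS",
                53: "LDAP_UNWILLING_TO_PERFORM", 65: "LDAP_OBJECT_CLASS_VIOLATION"}
HEADER = ("time", "dn", "result", "changetype")

# First entry is the one in the commit message; the second is constructed.
SAMPLE = """\
time: 20151111152800
dn: uid=test,dc=example,dc=com
result: 65
changetype: modify
replace: objectClass
objectClass: account
objectClass: posixGroup
objectClass: simpleSecurityObject
objectClass: top
-

time: 20151111153012
dn: cn=admins,ou=groups,dc=example,dc=com
result: 50
changetype: modify
add: member
member: uid=test,dc=example,dc=com
-
"""

def parse_auditfail(text):
    """Return one dict per entry (assumes blank-line-separated entries)."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {"changes": []}
        for line in block.splitlines():
            key, sep, value = line.partition(": ")
            if sep and key in HEADER and key not in entry:
                entry[key] = int(value) if key == "result" else value
            elif line.strip() != "-":  # "-" only terminates a modification
                entry["changes"].append(line)
        if "result" in entry and "dn" in entry:
            entry["result_name"] = LDAP_RESULTS.get(entry["result"], "OTHER")
            entries.append(entry)
    return entries

def summarize(entries):
    """Count rejected changes per (dn, result name) for review."""
    return Counter((e["dn"], e["result_name"]) for e in entries)
```

Repeated `LDAP_INSUFFICIENT_ACCESS` rejections against the same DN are the kind of pattern this summary makes visible.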
    
        
file modified
+13 -0
file modified
+5 -0
file modified
+210 -110
file modified
+12 -0
file modified
+5 -0
file modified
+187 -15
file modified
+825 -128
file modified
+31 -0
file modified
+5 -0
file modified
+6 -0
file modified
+35 -0