Ticket 48145 - RFE Add log file for rejected changes

https://fedorahosted.org/389/ticket/48145
http://www.port389.org/docs/389ds/design/audit_improvement.html

Bug Description: Add log file for rejected changes: This will help with
debugging third party and other applications that are failing to connect to or
work correctly with LDAP servers.

Fix Description: The bulk of this code is duplication of existing audit log
code. The remainder that is new is configuration items in schema, an update
to the template dse.ldif for installation, hooking in add.c, delete.c,
modify.c and modrdn.c. Finally, we extract the return code in
write_auditfail_log_entry and insert this into the fail log.

You can enable this with:

    cn=config
    nsslapd-auditfaillog-logging-enabled: on

The auditfail log is:

    var/log/dirsrv/slapd-%instance%/auditfail

And contains entries such as:

    time: 20151111152800
    dn: uid=test,dc=example,dc=com
    result: 65
    changetype: modify
    replace: objectClass
    objectClass: account
    objectClass: posixGroup
    objectClass: simpleSecurityObject
    objectClass: top
    -

Note the result maps to the LDAP result code, in this case 65 == 0x41

    LDAP_OBJECT_CLASS_VIOLATION 0x41

Author: wibrown
Review by: mreynolds, nhosoi (Thanks!)
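
Added example (not part of the commit or of the 389 Directory Server code): a small parser that reads auditfail entries in the format shown above and counts rejected changes per DN and result code. It assumes every entry begins with a "time:" line; the second sample entry and the names parse_auditfail and summarize are constructed for illustration.

```python
from collections import Counter

# Subset of LDAP result codes, using ldap.h style names as the commit does.
RESULT_NAMES = {
    50: "LDAP_INSUFFICIENT_ACCESS",
    53: "LDAP_UNWILLING_TO_PERFORM",
    65: "LDAP_OBJECT_CLASS_VIOLATION",
    68: "LDAP_ALREADY_EXISTS",
}

# Constructed sample: first entry is from the commit message, second is made up.
SAMPLE = """\
time: 20151111152800
dn: uid=test,dc=example,dc=com
result: 65
changetype: modify
replace: objectClass
objectClass: account
objectClass: posixGroup
objectClass: simpleSecurityObject
objectClass: top
-
time: 20151111152915
dn: uid=test,dc=example,dc=com
result: 50
changetype: delete
"""

def parse_auditfail(text):
    """Split the log into entries (assumption: each entry starts with 'time:')."""
    entries = []
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        value = value.strip()
        if key == "time" and sep:
            entries.append({"time": value, "changes": []})
        elif not entries:
            continue  # ignore anything before the first entry
        elif key in ("dn", "result", "changetype") and key not in entries[-1]:
            entries[-1][key] = int(value) if key == "result" else value
        elif line.strip():
            entries[-1]["changes"].append(line)  # rejected modification body
    return entries

def summarize(entries):
    """Count rejected changes per (dn, result name) to spot failing clients."""
    return Counter(
        (e.get("dn"), RESULT_NAMES.get(e.get("result"), str(e.get("result"))))
        for e in entries
    )
```
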