#48834 Modifier's name is not recorded in the audit log with modrdn and moddn operations
Closed: wontfix None Opened 4 years ago by nhosoi.

Description of problem:

Modifier's name is not recorded in the audit log with modrdn and moddn
operations

Version-Release number of selected component (if applicable):

RHEL Version:
RHEL 7.3 x86_64 Server

DS Version:
389-ds-base-libs-1.3.5.3-1
389-ds-base-1.3.5.3-1

How reproducible:

Always

Steps to Reproduce:
1. Create a new DS instance

2. Enable audit logging

3. Add a user entry as below

[root@corp ~]# ldapadd -x -D 'cn=Directory Manager' -W -h localhost
-p 389
dn: uid=tuser,ou=people,dc=example,dc=com
objectclass: top
objectclass: person
objectclass: inetorgperson
uid: tuser
cn: test user
sn: user
adding new entry "uid=tuser,ou=people,dc=example,dc=com"

4) Perform a modrdn operation on the entry as below

[root@corp ~]# ldapmodify -x -D 'cn=Directory Manager' -W -h
localhost -p 389
dn: uid=tuser,ou=people,dc=example,dc=com
changetype: modrdn
newrdn: uid=testuser
deleteoldrdn: 1
modifying rdn of entry "uid=tuser,ou=people,dc=example,dc=com"

5) Check the audit log in /var/log/dirsrv/slapd-corp/ directory, only this
information is recorded

time: 20160512143153
dn: uid=tuser,ou=People,dc=example,dc=com
result: 0
changetype: modrdn
newrdn: uid=testuser
deleteoldrdn: 1

as can be seen, the modifiers name is missing here

6) Perform a moddn operation on the entry as below

[root@corp ~]# ldapmodify -x -D 'cn=Directory Manager' -W -h
localhost -p 389
dn: uid=testuser,ou=people,dc=example,dc=com
changetype: moddn
newrdn: uid=tuser
deleteoldrdn: 1
newsuperior: ou=groups,dc=example,dc=com
modifying rdn of entry "uid=testuser,ou=people,dc=example,dc=com"

7) check the audit logs

time: 20160512143829
dn: uid=testuser,ou=People,dc=example,dc=com
result: 0
changetype: modrdn
newrdn: uid=tuser
deleteoldrdn: 1

again, the modifiers name is missing here


Expected results:

The modifier's name should be recorded in the audit logs with modrdn and
moddn operations

Is creatorsname already covered? If yes, then ack

Replying to [comment:4 mreynolds]:

Is creatorsname already covered? If yes, then ack
Thanks Mark!

Actually, the modifiersname is for showing the DN who did the modrdn as seen in delete.
{{{
time: 20160518141852
dn: uid=tuser104,ou=People,dc=example,dc=com
result: 0
changetype: delete
modifiersname: cn=directory manager
}}}
Do you think there is something we should add for creatorsname in modrdn?

Thanks for the review and comments, Mark. I assume the patch is okay.

Pushed to master:
d13057e..e965c74 master -> master
commit e965c74

commit 5601fe4
Writing objects: 100% (6/6), 768 bytes | 0 bytes/s, done.
Total 6 (delta 4), reused 0 (delta 0)
To ssh://git.fedorahosted.org/git/389/ds.git
e965c74..5601fe4 master -> master

One line fix for jenkins.

Metadata Update from @nhosoi:
- Issue assigned to nhosoi
- Issue set to the milestone: 1.3.5.5

3 years ago

389-ds-base is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in 389-ds-base's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/389ds/389-ds-base/issues/1894

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Metadata Update from @spichugi:
- Issue close_status updated to: wontfix (was: Fixed)

18 days ago

Login to comment on this ticket.

Metadata