
I have enabled the audit log for OpenLDAP for our system. However, the log is showing all access details. For example, a positive login has the entry below.

    changetype: modify
    replace: authTimestamp
    authTimestamp: 20150915171011Z

I need to restrict the audit log to only when a user account is unlocked, a new user account is added, or an existing account is deleted.

Tracking every access detail will also make the log file very big.

Is it possible to restrict the audit log to track only certain attribute changes?

For example, a failed attempt has the entry below:

    changetype: modify
    add: pwdFailureTime
    pwdFailureTime: 20150915170706Z

I need to track only those attributes which have failed, like the one above.

My slapd.conf file has the entry below:

    #
    # Audit information
    #
    overlay auditlog
    auditlog /tmp/auditlog.ldif

Thanks,

Liju Mathew

1 Answer


You can't, as the merest glance at the auditlog documentation shows.

What you may be looking for is the accesslog overlay. It is at least configurable. More probably you should be adding the logging you need into your application.

user207421
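Since the auditlog overlay writes every change and cannot be narrowed to particular attributes, one defender-side option is to post-filter the LDIF it produces. The following is an added example, not code from the question or the answer: it keeps only entry adds and deletes plus `modify` records that touch the ppolicy attributes `pwdFailureTime` and `pwdAccountLockedTime` (a `delete: pwdAccountLockedTime` is an unlock), and discards the `authTimestamp` noise shown in the question. The record layout (`# <op> <epoch> ...` header comment, LDIF change record, `# end <op> <epoch>` trailer) and the sample log are assumptions constructed for the example.

```python
# Added example: post-filter an OpenLDAP auditlog LDIF down to account adds/deletes and ppolicy
# lock/unlock/failure changes. Assumed layout: '# <op> <epoch> ...' header, LDIF record, '# end' trailer.
WATCHED_ATTRS = {"pwdfailuretime", "pwdaccountlockedtime"}

# Constructed sample: successful bind (noise), failed bind, unlock, new account.
SAMPLE_AUDITLOG = """\
# modify 1442333411 cn=admin,dc=example,dc=com conn=12
dn: uid=alice,ou=people,dc=example,dc=com
changetype: modify
replace: authTimestamp
authTimestamp: 20150915171011Z
-
# end modify 1442333411
# modify 1442333226 cn=admin,dc=example,dc=com conn=13
dn: uid=bob,ou=people,dc=example,dc=com
changetype: modify
add: pwdFailureTime
pwdFailureTime: 20150915170706Z
-
# end modify 1442333226
# modify 1442333300 cn=admin,dc=example,dc=com conn=14
dn: uid=bob,ou=people,dc=example,dc=com
changetype: modify
delete: pwdAccountLockedTime
-
# end modify 1442333300
# add 1442333400 cn=admin,dc=example,dc=com conn=15
dn: uid=carol,ou=people,dc=example,dc=com
changetype: add
objectClass: inetOrgPerson
# end add 1442333400
"""

def filter_auditlog(text):
    """Return (dn, changetype) for each record worth keeping, in log order."""
    kept, fields, mods = [], {}, set()
    for line in text.splitlines():
        if line.startswith("# end "):            # record complete: decide, then reset state
            ct = fields.get("changetype", "").lower()
            if ct in ("add", "delete") or (ct == "modify" and mods & WATCHED_ATTRS):
                kept.append((fields.get("dn", ""), ct))
            fields, mods = {}, set()
        elif line and not line.startswith("#"):  # skip header comments and blank lines
            key, _, value = line.partition(":")
            key, value = key.lower(), value.strip()
            if key in ("add", "replace", "delete"):  # modify-operation lines name an attribute
                mods.add(value.lower())
            else:
                fields[key] = value
    return kept
```

Against a real deployment you would call `filter_auditlog` on the contents of the `auditlog` path from slapd.conf (`/tmp/auditlog.ldif` in the question) instead of the constructed sample.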