On 06/15/2015 05:23 AM, Prashant Bapat wrote:
> There is no error. It goes thru fine. When I restart the LDAP server
> after adding it, there is nothing in the audit file. And no entry in
> the dse.ldif.

Are you directly modifying the dse.ldif? If so, you MUST do so while
the server is stopped, otherwise the change is lost. The best way is to
use ldapmodify:
Example:
# ldapmodify -D "cn=directory manager" -W -p PORT -h HOST
dn: cn=config
changetype: modify
replace: nsslapd-auditlog-logging-enabled
nsslapd-auditlog-logging-enabled: on

Enabling the audit log should log the change to enable it, so after
making this update the audit log should not be empty
(/var/log/dirsrv/slapd-INSTANCE/audit).

Mark

On 15 June 2015 at 13:39, German Parente <gpare...@redhat.com> wrote:
Hi Prashant,
It should work in the same way. Are you having an error doing your
ldapmodify?
There's not a specific entry for nsslapd-auditlog-logging-enabled.
nsslapd-auditlog-logging-enabled is an attribute of cn=config entry.
You should be able to query it by this command:
ldapsearch -xLLL -D "cn=directory manager" -W -b "cn=config" -s base nsslapd-auditlog-logging-enabled
dn: cn=config
nsslapd-auditlog-logging-enabled: on
Regards,
German.
----- Original Message -----
> From: "Prashant Bapat" <prash...@apigee.com>
> To: "389-users" <389-users@lists.fedoraproject.org>
> Sent: Monday, June 15, 2015 9:56:48 AM
> Subject: [389-users] Not able to enable audit logs
>
> Hi,
>
> I have a setup of master-master replicated 389 DS installations as part of
> FreeIPA.
>
> This is the version of the 389-ds: 389-ds-base-1.3.3.8-1.fc21.x86_64
>
> On 1st server, I was able to enable the audit logs using the following LDIF.
>
> dn: cn=config
> changetype: modify
> replace: nsslapd-auditlog-logging-enabled
> nsslapd-auditlog-logging-enabled: on
>
> However, the same LDIF when I run on the second server (which is the
> replicated master) the audit logs never get enabled. I'm not able to find
> the nsslapd-auditlog-logging-enabled entry under the dse.ldif. I have tried
> restarting etc but no luck.
>
> Is this normal?
>
> Thanks.
> --Prashant
>
> --
> 389 users mailing list
> 389-users@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
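
An offline check for the symptom discussed in this thread ("no entry in the dse.ldif"), added here as an example and not part of any poster's message: it reads a dse.ldif and reports the value of nsslapd-auditlog-logging-enabled stored in the cn=config entry, unfolding LDIF continuation lines first. The function names `audit_setting` and `sample_dse` and the sample LDIF are constructed for illustration.

```shell
#!/bin/sh
# Added example: read the audit-log switch that a 389 DS dse.ldif stores.
# audit_setting [FILE] prints "on", "off", or "unset" when cn=config lacks it.
# With no FILE argument it reads the LDIF from standard input.
audit_setting() {
    awk '
    # Process one unfolded logical line, then reset the buffer.
    function flush_line(   name, value, p) {
        p = index(line, ":")
        if (p > 0 && substr(line, 1, 1) != "#") {
            name = tolower(substr(line, 1, p - 1))
            value = substr(line, p + 1)
            sub(/^[ \t]+/, "", value)
            if (name == "dn") {
                # Only the exact cn=config entry counts, not its children.
                in_config = (tolower(value) == "cn=config")
            } else if (in_config && name == "nsslapd-auditlog-logging-enabled") {
                found = tolower(value)
            }
        }
        line = ""
    }
    /^ / { line = line substr($0, 2); next }    # folded continuation line
    /^$/ { flush_line(); in_config = 0; next }  # blank line ends an entry
    { flush_line(); line = $0 }
    END { flush_line(); print (found == "" ? "unset" : found) }
    ' "$@"
}

# Constructed sample, not taken from the thread: the attribute is folded
# across two lines and a second entry carries a decoy value.
sample_dse() {
    cat <<'EOF'
dn: cn=config
objectClass: top
nsslapd-port: 389
nsslapd-auditlog-logging-
 enabled: on

dn: cn=decoy,cn=config
nsslapd-auditlog-logging-enabled: off
EOF
}

sample_dse | audit_setting   # prints: on
```

Run it on each master against that instance's own dse.ldif (assumed here to live under /etc/dirsrv/slapd-INSTANCE/); "unset" means the server falls back to its default, which is off.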