Issue #333 has been updated by Clément OUDOT. Category set to OpenLDAP RPM Status changed from New to Assigned Assigned to set to Clément OUDOT
Hi Nick, thanks for the report. So if everything is going well without the OpenLDAP restart, we will remove it from logrotate script. ---------------------------------------- Feature #333: pam_unix records event http://tools.lsc-project.org/issues/333 Author: Nick Milas Status: Assigned Priority: Normal Assigned to: Clément OUDOT Category: OpenLDAP RPM Target version: openldap-rpm-? Hello, I am using http://tools.ltb-project.org/attachments/download/226/openldap-ltb-2.4.26-1.el5.x86_64.rpm on two boxes and it's working without problems. Yet, I have noticed that /var/log/secure records the following events when daily cron jobs run (4:02AM). <pre> Aug 25 04:02:09 vmail su: pam_unix(su-l:session): session opened for user ldap by (uid=0) Aug 25 04:02:09 vmail su: pam_unix(su-l:session): session closed for user ldap </pre> This recording, although probably harmless, should best be avoided. I assume it is obviously due to slapd restart by the logrotate script: <pre> # cat /etc/logrotate.d/openldap #================================================= # Logrotate script for OpenLDAP # # Provided by LTB-project (http://www.ltb-project.org) #================================================= /var/log/openldap.log { daily rotate 10 missingok notifempty sharedscripts postrotate # reload syslog /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true /bin/kill -HUP `cat /var/run/rsyslogd.pid 2> /dev/null` 2> /dev/null || true # only restart if slapd is really running if test -n "`ps acx|grep slapd`"; then /sbin/service slapd restart fi endscript } </pre> [Note that this is related to the older issue: http://tools.ltb-project.org/issues/314.] I would like to mention that this doesn't happen on other ldap 2.4.22 servers running (on other boxes) with the following logrotate script: <pre> # cat /etc/logrotate.d/ldap2.4 /var/log/ldap2.4/ldap.log { missingok notifempty compress daily rotate 10 size=10M sharedscripts postrotate # OpenLDAP logs via syslog, restart syslog if running /etc/init.d/syslog condrestart endscript } </pre> So, I am wondering if you consider it correct from your side for us to try to use the above script (adapted) for ltb-openldap log rotation. You may also want to test it on your test rigs. Best regards, Nick -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://tools.lsc-project.org/my/account
_______________________________________________ ltb-dev mailing list [email protected] http://lists.ltb-project.org/listinfo/ltb-dev
