Hi, is there any way how to log changes to selected attribute only? I would need to monitor changes of user password (users claim that their password sometimes stops working and I have to reset them). It would be enough to audit LDAP modifications on all attributes, I think that retro changelog plugin would help, but I do not know how to configure it... Is there any documentation for this plugin? Radek
Richard Megginson
2006-Nov-13 19:42 UTC
Re: [Fedora-directory-users] Auditing attribute changes
Radek Hladik wrote:> Hi, > is there any way how to log changes to selected attribute only?No. Both the retro changelog and the audit log contain every change to every attribute.> I would need to monitor changes of user password (users claim that > their password sometimes stops working and I have to reset them). It > would be enough to audit LDAP modifications on all attributes, I think > that retro changelog plugin would help, but I do not know how to > configure it... Is there any documentation for this plugin?http://www.redhat.com/docs/manuals/dir-server/ag/7.1/replicat.html#1107718 You might also want to investigate the audit log: http://www.redhat.com/docs/manuals/dir-server/ag/7.1/dsstats.html#1092377> > > Radek > > -- > Fedora-directory-users mailing list > Fedora-directory-users@redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users
Radek Hladik
2006-Nov-13 20:49 UTC
Re: [Fedora-directory-users] Auditing attribute changes
Richard Megginson napsal(a):> Radek Hladik wrote: >> Hi, >> is there any way how to log changes to selected attribute only? > No. Both the retro changelog and the audit log contain every change to > every attribute. >> I would need to monitor changes of user password (users claim that >> their password sometimes stops working and I have to reset them). It >> would be enough to audit LDAP modifications on all attributes, I think >> that retro changelog plugin would help, but I do not know how to >> configure it... Is there any documentation for this plugin? > http://www.redhat.com/docs/manuals/dir-server/ag/7.1/replicat.html#1107718 > > You might also want to investigate the audit log: > http://www.redhat.com/docs/manuals/dir-server/ag/7.1/dsstats.html#1092377 >>I''ve already enabled both of them and it seems to me that audit log contains more detailed information. I would need the IP of the user performing the modification but I think that I will be able to look it up in the access log. Radek