slapo-auditlog(5) - Man pages

SLAPO-AUDITLOG(5)             File Formats Manual             SLAPO-AUDITLOG(5)

NAME
       slapo-auditlog - Audit Logging overlay to slapd

SYNOPSIS
       /etc/ldap/slapd.conf

       /etc/ldap/slapd.d

DESCRIPTION
       The  Audit  Logging overlay can be used to record all changes on a given
       backend database to a specified log file. Changes are logged as standard
       LDIF, with an additional comment header providing six fields of informa-
       tion about the change. A second comment header is added at  the  end  of
       the operation to note the termination of the change.

       For  Add and Modify operations the identity comes from the modifiersName
       associated with the operation. This is  usually  the  same  as  the  re-
       questor's  identity,  but  may be set by other overlays to reflect other
       values.

CONFIGURATION
       This slapd.conf option applies to the Audit Logging overlay.  It  should
       appear after the overlay directive.

       auditlog <filename>
              Specify the fully qualified path for the log file.

       olcAuditlogFile <filename>
              For use with cn=config

COMMENT FIELD INFORMATION
       The first field is the operation type.
       The  second  field  is  the  timestamp of the operation in seconds since
       epoch.
       The third field is the suffix of the database.
       The fourth field is the recorded modifiersName.
       The fifth field is the originating IP address and port.
       The sixth field is the connection number. A connection number of -1  in-
       dicates an internal slapd operation.

EXAMPLE
       The  following  LDIF could be used to add this overlay to cn=config (ad-
       just to suit)

              dn: olcOverlay=auditlog,olcDatabase={1}mdb,cn=config
              changetype: add
              objectClass: olcOverlayConfig
              objectClass: olcAuditLogConfig
              olcOverlay: auditlog
              olcAuditlogFile: /tmp/auditlog.ldif

EXAMPLE CHANGELOG
              # modify 1614223245 dc=example,dc=com cn=admin,dc=example,dc=com IP=[::1]:47270 conn=1002
              dn: uid=joepublic,ou=people,dc=example,dc=com
              changetype: modify
              replace: displayName
              displayName: Joe Public
              -
              replace: entryCSN
              entryCSN: 20210225032045.045229Z#000000#001#000000
              -
              replace: modifiersName
              modifiersName: cn=admin,dc=example,dc=com
              -
              replace: modifyTimestamp
              modifyTimestamp: 20210225032045Z
              -
              # end modify 1614223245

FILES
       /etc/ldap/slapd.conf
              default slapd configuration file

       /etc/ldap/slapd.d
              default slapd configuration directory

SEE ALSO
       slapd.conf(5), slapd-config(5).

OpenLDAP 2.6.10+dfsg-1             2025/05/22                 SLAPO-AUDITLOG(5)

Generated by dwww version 1.16 on Tue Dec 16 04:46:49 CET 2025.