1 1.5 tron .lf 1 stdin 2 1.7 christos .TH SLAPO-AUDITLOG 5 "2025/05/22" "OpenLDAP 2.6.10" 3 1.7 christos .\" Copyright 2005-2024 The OpenLDAP Foundation All Rights Reserved. 4 1.1 lukem .\" Copying restrictions apply. See COPYRIGHT/LICENSE. 5 1.5 tron .\" $OpenLDAP$ 6 1.1 lukem .SH NAME 7 1.3 lukem slapo\-auditlog \- Audit Logging overlay to slapd 8 1.1 lukem .SH SYNOPSIS 9 1.1 lukem /etc/openldap/slapd.conf 10 1.1 lukem .TP 11 1.1 lukem /etc/openldap/slapd.d 12 1.1 lukem .SH DESCRIPTION 13 1.1 lukem The Audit Logging overlay can be used to record all changes on a given 14 1.1 lukem backend database to a specified log file. Changes are logged as standard 15 1.7 christos LDIF, with an additional comment header providing six fields of 16 1.7 christos information about the change. A second comment header is added at the end 17 1.7 christos of the operation to note the termination of the change. 18 1.1 lukem .LP 19 1.1 lukem For Add and Modify operations the identity comes from the modifiersName 20 1.1 lukem associated with the operation. This is usually the same as the requestor's 21 1.1 lukem identity, but may be set by other overlays to reflect other values. 22 1.1 lukem .SH CONFIGURATION 23 1.1 lukem This 24 1.1 lukem .B slapd.conf 25 1.1 lukem option applies to the Audit Logging overlay. 26 1.1 lukem It should appear after the 27 1.1 lukem .B overlay 28 1.1 lukem directive. 29 1.1 lukem .TP 30 1.1 lukem .B auditlog <filename> 31 1.1 lukem Specify the fully qualified path for the log file. 32 1.1 lukem .TP 33 1.1 lukem .B olcAuditlogFile <filename> 34 1.1 lukem For use with 35 1.1 lukem .B cn=config 36 1.7 christos .SH COMMENT FIELD INFORMATION 37 1.7 christos The first field is the operation type. 38 1.7 christos .br 39 1.7 christos The second field is the timestamp of the operation in seconds since epoch. 40 1.7 christos .br 41 1.7 christos The third field is the suffix of the database. 42 1.7 christos .br 43 1.7 christos The fourth field is the recorded modifiersName. 44 1.7 christos .br 45 1.7 christos The fifth field is the originating IP address and port. 46 1.7 christos .br 47 1.7 christos The sixth field is the connection number. A connection number of -1 48 1.7 christos indicates an internal slapd operation. 49 1.1 lukem .SH EXAMPLE 50 1.1 lukem The following LDIF could be used to add this overlay to 51 1.1 lukem .B cn=config 52 1.1 lukem (adjust to suit) 53 1.1 lukem .LP 54 1.1 lukem .RS 55 1.1 lukem .nf 56 1.6 christos dn: olcOverlay=auditlog,olcDatabase={1}mdb,cn=config 57 1.1 lukem changetype: add 58 1.1 lukem objectClass: olcOverlayConfig 59 1.1 lukem objectClass: olcAuditLogConfig 60 1.1 lukem olcOverlay: auditlog 61 1.1 lukem olcAuditlogFile: /tmp/auditlog.ldif 62 1.1 lukem .fi 63 1.1 lukem .RE 64 1.1 lukem .LP 65 1.1 lukem .LP 66 1.7 christos .SH EXAMPLE CHANGELOG 67 1.7 christos .LP 68 1.7 christos .RS 69 1.7 christos .nf 70 1.7 christos # modify 1614223245 dc=example,dc=com cn=admin,dc=example,dc=com IP=[::1]:47270 conn=1002 71 1.7 christos dn: uid=joepublic,ou=people,dc=example,dc=com 72 1.7 christos changetype: modify 73 1.7 christos replace: displayName 74 1.7 christos displayName: Joe Public 75 1.7 christos - 76 1.7 christos replace: entryCSN 77 1.7 christos entryCSN: 20210225032045.045229Z#000000#001#000000 78 1.7 christos - 79 1.7 christos replace: modifiersName 80 1.7 christos modifiersName: cn=admin,dc=example,dc=com 81 1.7 christos - 82 1.7 christos replace: modifyTimestamp 83 1.7 christos modifyTimestamp: 20210225032045Z 84 1.7 christos - 85 1.7 christos # end modify 1614223245 86 1.7 christos 87 1.7 christos .fi 88 1.7 christos .RE 89 1.7 christos .LP 90 1.1 lukem .SH FILES 91 1.1 lukem .TP 92 1.1 lukem /etc/openldap/slapd.conf 93 1.1 lukem default slapd configuration file 94 1.1 lukem .TP 95 1.1 lukem /etc/openldap/slapd.d 96 1.1 lukem default slapd configuration directory 97 1.1 lukem .SH SEE ALSO 98 1.1 lukem .BR slapd.conf (5), 99 1.3 lukem .BR slapd\-config(5). 100
Indexes created Thu May 14 00:25:00 UTC 2026