Issue #333 has been updated by Clément OUDOT. Target version changed from openldap-rpm-? to openldap-rpm-2.4.27
---------------------------------------- Feature #333: pam_unix records event http://tools.lsc-project.org/issues/333 Author: Nick Milas Status: Assigned Priority: Normal Assigned to: Clément OUDOT Category: OpenLDAP RPM Target version: openldap-rpm-2.4.27 Hello, I am using http://tools.ltb-project.org/attachments/download/226/openldap-ltb-2.4.26-1.el5.x86_64.rpm on two boxes and it's working without problems. Yet, I have noticed that /var/log/secure records the following events when daily cron jobs run (4:02AM). <pre> Aug 25 04:02:09 vmail su: pam_unix(su-l:session): session opened for user ldap by (uid=0) Aug 25 04:02:09 vmail su: pam_unix(su-l:session): session closed for user ldap </pre> This recording, although probably harmless, should best be avoided. I assume it is obviously due to slapd restart by the logrotate script: <pre> # cat /etc/logrotate.d/openldap #================================================= # Logrotate script for OpenLDAP # # Provided by LTB-project (http://www.ltb-project.org) #================================================= /var/log/openldap.log { daily rotate 10 missingok notifempty sharedscripts postrotate # reload syslog /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true /bin/kill -HUP `cat /var/run/rsyslogd.pid 2> /dev/null` 2> /dev/null || true # only restart if slapd is really running if test -n "`ps acx|grep slapd`"; then /sbin/service slapd restart fi endscript } </pre> [Note that this is related to the older issue: http://tools.ltb-project.org/issues/314.] I would like to mention that this doesn't happen on other ldap 2.4.22 servers running (on other boxes) with the following logrotate script: <pre> # cat /etc/logrotate.d/ldap2.4 /var/log/ldap2.4/ldap.log { missingok notifempty compress daily rotate 10 size=10M sharedscripts postrotate # OpenLDAP logs via syslog, restart syslog if running /etc/init.d/syslog condrestart endscript } </pre> So, I am wondering if you consider it correct from your side for us to try to use the above script (adapted) for ltb-openldap log rotation. You may also want to test it on your test rigs. Best regards, Nick -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://tools.lsc-project.org/my/account
_______________________________________________ ltb-dev mailing list [email protected] http://lists.ltb-project.org/listinfo/ltb-dev
