[email protected] wrote: > Full_Name: Emily Backes > Version: 2.4.25 > OS: any > URL: > Submission from: (NULL) (76.88.107.46) > > In recent OpenLDAPs (2.4.25 at least, but I haven't found exactly where > it started), memberof interacts badly with accesslog.
See also: http://www.openldap.org/lists/openldap-technical/201104/msg00242.html > In a simple test case with a groupOfNames and two people, if you add a > person to the group, memberOf should set their memberOf opeational > attribute to point to the group. That works! But currently the > accesslog db will only show the change for the memberof update and not > the original group change. I can confirm that. > Digging deeper, I found: > [..] > The changes are reaching accesslog, but don't make it into the logdb > because their generated DNs based on reqStart match. Ah, that explains it. > reqStart is generated with a generalizedTime stamp where the > microseconds are an incrementing count based on o_tincr, but this does > not seem to be incremented, or incremented enough. > > It's not entirely clear why this is a problem now and not earlier. Maybe it was always a problem. Because I've started the thread above before installing 2.4.25: http://www.openldap.org/lists/openldap-technical/201103/msg00032.html I had 2.4.24 or 2.4.23 installed back then. > This may be related to ITS#6766. Seems similar and the group modification is the same like in cases where I observed the behaviour described in my postings. Ciao, Michael.
