Description of problem: Modifier's name is not recorded in the audit log with modrdn and moddn operations Version-Release number of selected component (if applicable): RHEL Version: RHEL 7.3 x86_64 Server DS Version: 389-ds-base-libs-1.3.5.3-1 389-ds-base-1.3.5.3-1 How reproducible: Always Steps to Reproduce: 1. Create a new DS instance 2. Enable audit logging 3. Add a user entry as below [root@corp ~]# ldapadd -x -D 'cn=Directory Manager' -W -h localhost -p 389 dn: uid=tuser,ou=people,dc=example,dc=com objectclass: top objectclass: person objectclass: inetorgperson uid: tuser cn: test user sn: user adding new entry "uid=tuser,ou=people,dc=example,dc=com" 4) Perform a modrdn operation on the entry as below [root@corp ~]# ldapmodify -x -D 'cn=Directory Manager' -W -h localhost -p 389 dn: uid=tuser,ou=people,dc=example,dc=com changetype: modrdn newrdn: uid=testuser deleteoldrdn: 1 modifying rdn of entry "uid=tuser,ou=people,dc=example,dc=com" 5) Check the audit log in /var/log/dirsrv/slapd-corp/ directory, only this information is recorded time: 20160512143153 dn: uid=tuser,ou=People,dc=example,dc=com result: 0 changetype: modrdn newrdn: uid=testuser deleteoldrdn: 1 as can be seen, the modifiers name is missing here 6) Perform a moddn operation on the entry as below [root@corp ~]# ldapmodify -x -D 'cn=Directory Manager' -W -h localhost -p 389 dn: uid=testuser,ou=people,dc=example,dc=com changetype: moddn newrdn: uid=tuser deleteoldrdn: 1 newsuperior: ou=groups,dc=example,dc=com modifying rdn of entry "uid=testuser,ou=people,dc=example,dc=com" 7) check the audit logs time: 20160512143829 dn: uid=testuser,ou=People,dc=example,dc=com result: 0 changetype: modrdn newrdn: uid=tuser deleteoldrdn: 1 again, the modifiers name is missing here Expected results: The modifier's name should be recorded in the audit logs with modrdn and moddn operations
git patch file (master) 0001-Ticket-48834-Modifier-s-name-is-not-recorded-in-the-.patch
Is creatorsname already covered? If yes, then ack
Replying to [comment:4 mreynolds]:
Is creatorsname already covered? If yes, then ack Thanks Mark!
Actually, the modifiersname is for showing the DN who did the modrdn as seen in delete. {{{ time: 20160518141852 dn: uid=tuser104,ou=People,dc=example,dc=com result: 0 changetype: delete modifiersname: cn=directory manager }}} Do you think there is something we should add for creatorsname in modrdn?
Thanks for the review and comments, Mark. I assume the patch is okay.
Pushed to master: d13057e..e965c74 master -> master commit e965c74
commit 5601fe4 Writing objects: 100% (6/6), 768 bytes | 0 bytes/s, done. Total 6 (delta 4), reused 0 (delta 0) To ssh://git.fedorahosted.org/git/389/ds.git e965c74..5601fe4 master -> master
One line fix for jenkins.
Metadata Update from @nhosoi: - Issue assigned to nhosoi - Issue set to the milestone: 1.3.5.5
389-ds-base is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in 389-ds-base's github repository.
This issue has been cloned to Github and is available here: - https://github.com/389ds/389-ds-base/issues/1894
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Metadata Update from @spichugi: - Issue close_status updated to: wontfix (was: Fixed)
Login to comment on this ticket.