On 06/15/2015 05:23 AM, Prashant Bapat wrote:
> There is no error. It goes through fine. When I restart the LDAP server after adding it, there is nothing in the audit file. And no entry in the dse.ldif.
Are you directly modifying the dse.ldif?  If so, you MUST do so while the server is stopped, otherwise the change is lost.  The best way is to use ldapmodify:

Example:

# ldapmodify -D "cn=directory manager" -W -p PORT -h HOST
dn: cn=config
changetype: modify
replace: nsslapd-auditlog-logging-enabled
nsslapd-auditlog-logging-enabled: on



Enabling the audit log should log the change to enable it, so after making this update the audit log should not be empty (/var/log/dirsrv/slapd-INSTANCE/audit).

Mark



On 15 June 2015 at 13:39, German Parente <gparente@redhat.com> wrote:
Hi Prashant,

It should work in the same way. Are you having an error doing your ldapmodify?


There's not a specific entry for nsslapd-auditlog-logging-enabled.

nsslapd-auditlog-logging-enabled is an attribute of the cn=config entry.

You should be able to query it by this command:

ldapsearch -xLLL -D "cn=directory manager" -W -b "cn=config" -s base nsslapd-auditlog-logging-enabled
dn: cn=config
nsslapd-auditlog-logging-enabled: on

Regards,

German.


----- Original Message -----
> From: "Prashant Bapat" <prashant@apigee.com>
> To: "389-users" <389-users@lists.fedoraproject.org>
> Sent: Monday, June 15, 2015 9:56:48 AM
> Subject: [389-users] Not able to enable audit logs
>
> Hi,
>
> I have a setup of master-master replicated 389 DS installations as part of
> FreeIPA.
>
> This is the version of the 389-ds : 389-ds-base-1.3.3.8-1.fc21.x86_64
>
> On 1st server, I was able to enable the audit logs using the following LDIF.
>
> dn: cn=config
> changetype: modify
> replace: nsslapd-auditlog-logging-enabled
> nsslapd-auditlog-logging-enabled: on
>
> However, the same LDIF when I run on the second server (which is the
> replicated master) the audit logs never get enabled. I'm not able to find
> the nsslapd-auditlog-logging-enabled entry under the dse.ldif. I have tried
> restarting etc but no luck.
>
> Is this normal?
>
> Thanks.
> --Prashant
>
> --
> 389 users mailing list
> 389-users@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
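
The two checks suggested in this thread (reading nsslapd-auditlog-logging-enabled from cn=config, and confirming the audit file is not empty after enabling), as an added shell example that is not part of the original messages. The function names and the use of saved ldapsearch output or a copy of dse.ldif as input are assumptions of this example.

```shell
#!/bin/sh
# auditlog_state: read LDIF on stdin (ldapsearch -LLL output, or a copy of
# dse.ldif) and print the audit-log setting found on the cn=config entry:
#   on | off | unset   (any other value is printed lowercased)
# "unset" means the attribute is not present on cn=config in the input.
auditlog_state() {
    awk '
        # LDIF folds long lines: a continuation line starts with one space.
        /^ / { buf = buf substr($0, 2); next }
        { handle_line(); buf = $0 }
        END { handle_line(); print (state == "" ? "unset" : state) }

        function handle_line(   name, val, i) {
            if (buf == "") { in_cfg = 0; return }   # blank line ends an entry
            i = index(buf, ":")
            if (i == 0) return
            name = tolower(substr(buf, 1, i - 1))   # names are case-insensitive
            val  = substr(buf, i + 1)
            sub(/^[ \t]+/, "", val); sub(/[ \t\r]+$/, "", val)
            if (name == "dn") {
                # Only the top-level entry, not children such as cn=x,cn=config
                in_cfg = (tolower(val) == "cn=config")
            } else if (in_cfg && name == "nsslapd-auditlog-logging-enabled") {
                state = tolower(val)
            }
        }
    '
}

# verify_auditlog LDIF_FILE AUDIT_FILE: combine both checks from the thread.
# Returns 0 only if cn=config says "on" and the audit file is non-empty.
verify_auditlog() {
    state=$(auditlog_state < "$1") || return 2
    if [ "$state" != "on" ]; then
        echo "audit logging is $state in cn=config"
        return 1
    fi
    if [ ! -s "$2" ]; then
        echo "enabled, but audit file is empty or missing: $2"
        return 1
    fi
    echo "ok"
}
```

Run it once per server, since the thread shows the setting being applied to each master separately; the audit file path is the one Mark gives, /var/log/dirsrv/slapd-INSTANCE/audit.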