How can i exclude userPassword section from /var/log/dirsrv/slapd-Example/audit

zahidh · 05-18-2018, 12:46 AM

Hello All,
In my IPA/IDM server i enabled audit log and its capturing user addition/deletion/password change... etc

eg :- /var/log/dirsrv/slapd-Example/audit

time: 20180515061921
dn: uid=user7,cn=users,cn=accounts,dc=Example,dc=com
result: 0
changetype: add
displayName: user7 xyz
uid: user7
krbCanonicalName: user7@Example.com
objectClass: top
objectClass: person
objectClass: organizationalperson
objectClass: inetorgperson
objectClass: inetuser
objectClass: posixaccount
objectClass: krbprincipalaux
objectClass: krbticketpolicyaux
objectClass: ipaobject
objectClass: ipasshuser
objectClass: ipaSshGroupOfPubKeys
loginShell: /bin/sh
uidNumber: -1
initials: ux
gidNumber: -1
gecos: user7 xyz
sn: xyz
homeDirectory: /home/user7
mail: user7@Example.com
krbPrincipalName: user7@Example.com
givenName: user7
cn: user7 xyz
userPassword:: e1NFDFrEGg34F3TSGF%EE1M34TJ9VWE4M2w343RE65FDGRw5bld542Y0HgGrb0J1UUFqZ2hqNU1Fe334HBxajHGFR2c2tBNTRk9V jCVGhlSG1DeG789KTUovK2pHGSVGpMNTZXb29673VFVGFPSVBm65SVh0YDDXN

i want to exclude userPassword section from /var/log/dirsrv/slapd-Example/audit

Can some one to help to exclude it from audit.Hello All,

AwesomeMachine · 05-20-2018, 07:58 PM

I don't think the logging is configurable on that level.

zahidh · 05-25-2018, 12:10 AM

Quote:

Originally Posted by AwesomeMachine

I don't think the logging is configurable on that level.

Thank you for your comment, however there could be something to remove userPassword from auditlog, if anyone can help

AwesomeMachine · 05-25-2018, 01:47 PM

I couldn't find any way to do it. And I don't think the contents are usable as a password.