Closed Bug 505331 Opened 15 years ago Closed 15 years ago

LDAP server logs

Categories

(mozilla.org Graveyard :: Server Operations, task)

Product:
mozilla.org Graveyard
Component:
Server Operations
Platform:
x86
Linux
Type:
task
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED WONTFIX

People

(Reporter: gerv, Assigned: aravind)

Details

We would like to have a dormant accounts policy. This requires some mechanism for identifying dormant accounts. It is thought that the best way to implement this would be to write a cronned script which parsed the LDAP server logs once a day and kept a record of all the IDs it had seen. After six months, anyone not in the database would be considered dormant.

Please can you supply me with some sample server logs (say, 4 days worth) and the other information I might need to write such a script (filenames, locations on disk etc.).

Thanks :-)

Gerv
Assignee: server-ops → aravind
I think it might be better to parse the secure log (/var/log/secure) from sshd to get this information that to comb though ldap logs.  Those are generated for all kind of things, and sometimes they are not (when nscd caches stuff).

If that works, I can get you a copy of that secure log file.
I'm happy to use whatever log file has the info in :-)

Gerv
We support committing via HTTPS (for svn, at least), so SSH secure logs wouldn't show anybody who committed that way. Most of our web localizers do that, so we can't just ignore them.
For svn you could use the viewvc db to get that information?  Come to think of it, couldn't you use that pushlog db information for mercurial?  That way.. no log combing would be necessary.
(In reply to comment #4)
> For svn you could use the viewvc db to get that information?  Come to think of
> it, couldn't you use that pushlog db information for mercurial?  That way.. no
> log combing would be necessary.

For svn, as long as such a script has read access to the db, that might work.

For Hg, there's no global pushlog db, so the script would have to access every pushlog db for every repo. I guess that's doable...
Gerv: Can I resolve this as wontfix?

Do you need me to get you a sample pushlog db or do you have those locally?  Also, the viewvc svn db should also be pretty easy to replicate locally.
Hmm. I guess using the visible logs would make it easier for me to run the script, and it does look like both Hg and SVN information is available publicly. 

The idea of using Hg pushlog sucks a bit because if there's no global pushlog I'd have to update the script every time we added a new repo. Unless I scraped a repo list off the website too. Although it is handy that pushlogs are available as Atom.

The SVN info is indeed available from:
http://viewvc.svn.mozilla.org/vc/?view=queryform
And it's available in RSS.

And I could scrape bonsai for CVS too. No RSS or Atom there, right?

Gerv
Found alternate way to get info.
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → WONTFIX
Product: mozilla.org → mozilla.org Graveyard
You need to log in before you can comment on or make changes to this bug.