PingDirectory

Config audit log and the configuration archive

The configuration audit log provides a record of any changes made to the server configuration while the server is online. This information is written to the logs/config-audit.log file and provides information about the configuration change in the form that can be used to perform the operation in a non-interactive manner with the dsconfig command. Other information written for each change includes:

  • Time that the configuration change was made.

  • Connection ID and operation ID for the corresponding change, which can be used to correlate it with information in the access log.

  • DN of the user requesting the configuration change and the method by which that user authenticated to the server.

  • Source and destination addresses of the client connection.

  • Command that can be used to undo the change and revert to the previous configuration for the associated configuration object.

In addition to information about the individual changes that are made to the configuration, the server maintains complete copies of all previous configurations. These configurations are provided in the config/archived-configs directory and are gzip-compressed copies of the config/config.ldif file in use before the configuration change was made. The file names contain timestamps that indicate when that configuration was first used.