WHATSNEW add entries audit logging and lmdb.

Gary Lockyer gary at catalyst.net.nz
Tue Jul 10 02:07:43 UTC 2018


Add WHATSNEW entries for dsdb, password and group change audit logging,
as well as the ldb lmdb backend

Review appreciated.

Gary
-------------- next part --------------
From e15aadb84fce1a94307e65554b9ed67ac5d8d5ac Mon Sep 17 00:00:00 2001
From: Gary Lockyer <gary at catalyst.net.nz>
Date: Tue, 10 Jul 2018 13:57:18 +1200
Subject: [PATCH] WHATSNEW add entries audit logging and lmdb.

Add WHATSNEW entries for dsdb, password and group change audit logging,
as well as the ldb lmdb backend

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
---
 WHATSNEW.txt | 46 ++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 46 insertions(+)

diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 2ceacc4..5ddf7c4 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -66,6 +66,52 @@ Kerberos would return ALICE as the username. Kerberos would not be able to map
 names can be correctly mapped. This only applies to GSSAPI authentication,
 not for the geting the initial ticket granting ticket.
 
+Database audit support
+----------------------
+
+Changes to the Samba AD's sam.ldb database are now logged to Samba's debug log
+under the "dsdb_audit" debug class and "dsdb_json_audit" for JSON formatted log
+entries.
+
+Transaction commits and roll backs are now logged to Samba's debug logs under
+the "dsdb_transaction_audit" debug class and "dsdb_transaction_json_audit" for
+JSON formatted log entries.
+
+Password change audit support
+-----------------------------
+
+Password changes in the AD DC are now logged to Samba's debug logs under the
+"dsdb_password_audit" debug class and "dsdb_password_json_audit" for JSON
+formatted log entries.
+
+Group membership change audit support
+-------------------------------------
+
+Group membership changes on the AD DC are now logged to
+Samba's debug log under the "dsdb_group_audit" debug class and
+"dsdb_group_json_audit" for JSON formatted log entries.
+
+Log Authentication duration
+---------------------------
+
+For NTLM and Kerberos KDC authentication, the authentication duration is now
+logged. Note that the duration is only included in the JSON formatted log
+entries.
+
+New Experimental LMDB LDB backend
+---------------------------------
+
+A new experimental LDB backend using LMBD is now available. This allows
+databases larger than 4Gb (Currently the limit is set to 6Gb, but this will be
+increased in a future release). To enable lmdb, provision or join a domain using
+the --backend-store=mdb option.
+
+This requires that a version of lmdb greater than 0.9.16 is installed and that
+samba has not been built with the --without-ldb-lmdb option.
+
+Please note this is an experimental feature and is not recommended for
+production deployments.
+
 REMOVED FEATURES
 ================
 
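Review bot: In the "New Experimental LMDB LDB backend" section, "LMBD" is a typo for "LMDB", and "4Gb" / "6Gb" read as gigabits, so "4GB" / "6GB" would be clearer. In the same section, "a version of lmdb greater than 0.9.16" leaves it unclear whether 0.9.16 itself is acceptable; if it is, say "0.9.16 or later". The four audit sections name the debug classes ("dsdb_audit", "dsdb_password_audit", "dsdb_group_audit", "dsdb_transaction_audit" and their JSON variants) but do not say what log level has to be set for entries to appear, and an administrator reading only WHATSNEW would not know how to turn the logging on; a sentence on that, or a pointer to the relevant documentation, would help. The wording also varies between "Samba's debug log" and "Samba's debug logs" across the sections; pick one. Minor: "roll backs" should be "rollbacks", and the heading "Log Authentication duration" is capitalised differently from the other new headings.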
-- 
2.7.4
