Dear everyone
I use accesslog and am pretty fond of it. Recently I needed to look up several deleted entries: who deleted them and when, and who modified these entries before deletion. And I found it not easy.
All the clue I have is that the deleted entries, before they were deleted, were in a certain subtree. I first thought I could do a search like this: ldapsearch ...(accesslog db)... '(reqDn=*uid=dep1,ou=contacts,dc=example,dc=com)'
Where 'uid=dep1,ou=contacts,dc=example,dc=com' is the parent node of the node that was deleted.
This doesn't work (it always returns no result). I guess one reason is that wildcard search is not allowed on reqDn for some reason.
The second idea is to dump the whole accesslog database and do some grepping and awking around it. But that way the whole point of using an LDAP database for accesslog is lost. The reason for using an LDAP database for accesslog, rather than a plain text file, is to be able to search for modification records without having to do grepping and awking (especially, grepping might be difficult because the DN might have been base64-encoded in the LDIF dumped from the database).
So again, can someone with experience show what you would do in this case?
Thanks a lot!
Zhang Weiwu wrote:
> Dear everyone
> I use accesslog and am pretty fond of it. Recently I needed to look up several deleted entries: who deleted them and when, and who modified these entries before deletion. And I found it not easy.
> All the clue I have is that the deleted entries, before they were deleted, were in a certain subtree. I first thought I could do a search like this: ldapsearch ...(accesslog db)... '(reqDn=*uid=dep1,ou=contacts,dc=example,dc=com)'

Of course DNs do not support substring match.

> Where 'uid=dep1,ou=contacts,dc=example,dc=com' is the parent node of the node that was deleted.
> This doesn't work (it always returns no result). I guess one reason is that wildcard search is not allowed on reqDn for some reason.
> The second idea is to dump the whole accesslog database and do some grepping and awking around it. But that way the whole point of using an LDAP database for accesslog is lost. The reason for using an LDAP database for accesslog, rather than a plain text file, is to be able to search for modification records without having to do grepping and awking (especially, grepping might be difficult because the DN might have been base64-encoded in the LDIF dumped from the database).
> So again, can someone with experience show what you would do in this case?
Try
$ ldapsearch \
    '(reqDn:dnSubtreeMatch:=uid=dep1,ou=contacts,dc=example,dc=com)'
See RFC4515 for a specification of extensible filters; the dnSubtreeMatch rule is an OpenLDAP extension, AFAIK.
p.
Ing. Pierangelo Masarati
OpenLDAP Core Team
SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
---------------------------------------
Office: +39 02 23998309
Mobile: +39 333 4963172
Email: pierangelo.masarati@sys-net.it
---------------------------------------
openldap-software@openldap.org
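As an added example, not code from this thread or from OpenLDAP: the subtree match that the reply's ldapsearch filter performs server-side, applied offline to a slapcat-style LDIF export of the accesslog database (the fallback the original post considered). It decodes the `dn::` / `reqDN::` base64 form that defeats plain grep, splits DNs into RDNs so the match behaves like dnSubtreeMatch (ancestor-or-self on RDN boundaries, not a raw string suffix, which would also accept `xuid=dep1,...`), and lists reqStart, reqType and reqAuthzID for every record whose reqDN lies under the given base. The three accesslog records are constructed sample data; RDN comparison is simplified to trimmed, case-insensitive string equality, an assumption standing in for the per-attribute matching rules a real server applies.

```python
"""Offline equivalent of '(reqDN:dnSubtreeMatch:=<base>)' over an accesslog LDIF dump.
Added example, not code from the thread or OpenLDAP; the records are constructed sample data."""
import base64
import re
from typing import Dict, List


def _b64(value: str) -> str:
    return base64.b64encode(value.encode("utf-8")).decode("ascii")


# Constructed sample: three accesslog entries as slapcat would export them.
# Entry 2 uses the 'dn::' / 'reqDN::' base64 form that makes plain grep unreliable.
SAMPLE_LDIF = "\n".join([
    "dn: reqStart=20240301100000.000001Z,cn=accesslog",
    "objectClass: auditModify",
    "reqStart: 20240301100000.000001Z",
    "reqType: modify",
    "reqDN: uid=alice,uid=dep1,ou=contacts,dc=example,dc=com",
    "reqAuthzID: cn=admin,dc=example,dc=com",
    "reqMod: mail:= alice@example.com",
    "",
    "dn:: " + _b64("reqStart=20240301100500.000001Z,cn=accesslog"),
    "objectClass: auditDelete",
    "reqStart: 20240301100500.000001Z",
    "reqType: delete",
    "reqDN:: " + _b64("uid=alice,uid=dep1,ou=contacts,dc=example,dc=com"),
    "reqAuthzID: uid=bob,ou=people,dc=example,dc=com",
    "",
    "dn: reqStart=20240301101000.000001Z,cn=accesslog",
    "objectClass: auditDelete",
    "reqStart: 20240301101000.000001Z",
    "reqType: delete",
    "reqDN: uid=carol,uid=dep2,ou=contacts,dc=example,dc=com",
    "reqAuthzID: uid=bob,ou=people,dc=example,dc=com",
    "",
])

_ATTR_LINE = re.compile(r"^([A-Za-z][\w;.-]*)(::?) ?(.*)$")


def parse_ldif(text: str) -> List[Dict[str, List[str]]]:
    """Parse LDIF into entries; attribute names lowercased, '::' values base64-decoded."""
    entries: List[Dict[str, List[str]]] = []
    current: Dict[str, List[str]] = {}
    for line in re.sub(r"\n ", "", text).split("\n"):  # unfold continuation lines
        line = line.rstrip("\r")
        if not line:  # blank line terminates an entry
            if current:
                entries.append(current)
                current = {}
            continue
        m = _ATTR_LINE.match(line)
        if not m:
            raise ValueError(f"malformed LDIF line: {line!r}")
        attr, sep, value = m.groups()
        if sep == "::":
            value = base64.b64decode(value).decode("utf-8")
        current.setdefault(attr.lower(), []).append(value)
    if current:
        entries.append(current)
    return entries


def split_dn(dn: str) -> List[str]:
    """Split on unescaped commas; trim and lowercase each RDN (caseIgnore assumed)."""
    rdns = re.split(r"(?<!\\),", dn)  # simplification: ignores an escaped backslash before ','
    out = []
    for rdn in rdns:
        attr, _, value = rdn.partition("=")
        out.append(f"{attr.strip().lower()}={value.strip().lower()}")
    return out


def dn_subtree_match(base: str, candidate: str) -> bool:
    """True if candidate is base itself or lies below it: suffix match on RDN boundaries."""
    b, c = split_dn(base), split_dn(candidate)
    return len(c) >= len(b) and c[len(c) - len(b):] == b


def history_for_subtree(ldif_text: str, base: str) -> List[Dict[str, object]]:
    """Return who did what, and when, to every entry under base, oldest first."""
    hits = []
    for e in parse_ldif(ldif_text):
        reqdn = e.get("reqdn", [""])[0]
        if reqdn and dn_subtree_match(base, reqdn):
            hits.append({
                "when": e.get("reqstart", [""])[0],
                "type": e.get("reqtype", ["?"])[0],
                "dn": reqdn,
                "by": e.get("reqauthzid", ["(anonymous)"])[0],
                "mods": e.get("reqmod", []),
            })
    return sorted(hits, key=lambda h: h["when"])


if __name__ == "__main__":
    for h in history_for_subtree(SAMPLE_LDIF, "uid=dep1,ou=contacts,dc=example,dc=com"):
        print(h["when"], h["type"], h["dn"], "by", h["by"], h["mods"])
```

Run against the sample, the dep1 subtree yields the modify by cn=admin followed by the delete by uid=bob, while carol's deletion under dep2 is excluded; that ordering by reqStart is exactly the "who modified it before deletion" view the original post asks for. Against a live server the ldapsearch filter from the reply is the better tool, because the accesslog database is indexed and the match is done by the server's own DN syntax handling rather than the simplified normalization here.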