Hello everyone,
Is there any way to detect the modifications made and/or addition, subtraction made to directory for a certain period of time without using replication? I will be running openldap on my backup machine for two hours and I am not sure how I can see if there were any changes made during those two hours, so that I can do the same on my production.
Regards Naufal
--On Tuesday, November 13, 2007 2:38 PM -0500 Naufal Sheikh naufalzamir@gmail.com wrote:
Hello everyone,
Is there any way to detect the modifications made and/or addition, subtraction made to directory for a certain period of time without using replication? I will be running openldap on my backup machine for two hours and I am not sure how I can see if there were any changes made during those two hours, so that I can do the same on my production.
Assuming OpenLDAP 2.3 or later, set up an accesslog database.
--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration
Naufal Sheikh skrev, on 13-11-2007 20:38:
Is there any way to detect the modifications made
Here OL 2.3.x. delta syncrepl.
Suppose you could run a script at intervals looking for whatever you want in the operational attributes, if you have sufficient rights.
ldapsearch -LLL -x -D "cn=proxy,dc=barlaeus,dc=nl" -w secret 'uid=zzuilhof' modifyTimestamp
modifyTimestamp: 20071106101131Z
and/or addition, subtraction made to directory for a certain period of time without using replication?
We presume you're up to date with latest 2.3 and have configured delta syncrepl, not slurpd. Avoid slurpd at all costs.
Did I mention avoiding slurpd?
Noppies (Dutch ;)) meaning "No". Adding (2.3.x) a delta syncrepl provider to your slapd.conf will only cost you a little headache to configure, you don't need ever to use it for replication, but it will add records to your changelog DB that will do what you want for searching:
ldapsearch2.3 -LLL -x -D "cn=proxy,dc=barlaeus,dc=nl" -w secret -b 'cn=changelog' reqDn
The latter will return multiple values; your script (the one you write yourself in shell or Perl) will extract the requisite information.
I will be running openldap on my backup machine for two hours and I am not sure how I can see if there were any changes made during those two hours, so that I can do the same on my production.
Well, you could as well run the gq GUI (is what I do), which would let you know as well as my above suggestions. Both work :)
Did I mention avoiding slurpd?
--Tonni
Tony Earnshaw wrote:
Naufal Sheikh skrev, on 13-11-2007 20:38:
Is there any way to detect the modifications made
Here OL 2.3.x. delta syncrepl.
Suppose you could run a script at intervals looking for whatever you want in the operational attributes, if you have sufficient rights.
ldapsearch -LLL -x -D "cn=proxy,dc=barlaeus,dc=nl" -w secret 'uid=zzuilhof' modifyTimestamp
modifyTimestamp: 20071106101131Z
and/or addition, subtraction made to directory for a certain period of time without using replication?
We presume you're up to date with latest 2.3 and have configured delta syncrepl, not slurpd. Avoid slurpd at all costs.
Did I mention avoiding slurpd?
Noppies (Dutch ;)) meaning "No". Adding (2.3.x) a delta syncrepl provider to your slapd.conf will only cost you a little headache to configure, you don't need ever to use it for replication, but it will add records to your changelog DB that will do what you want for searching:
The accesslog overlay creates change records regardless of syncprov. You imply a dependency where no such dependency exists; accesslog has other uses besides supporting replication.
ldapsearch2.3 -LLL -x -D "cn=proxy,dc=barlaeus,dc=nl" -w secret -b 'cn=changelog' reqDn
The latter will return multiple values; your script (the one you write yourself in shell or Perl) will extract the requisite information.
I will be running openldap on my backup machine for two hours and I am not sure how I can see if there were any changes made during those two hours, so that I can do the same on my production.
So it sounds like he wants to do manually-controlled replication. The big question here is why do it manually?
Well, you could as well run the gq GUI (is what I do), which would let you know as well as my above suggestions. Both work :)
Did I mention avoiding slurpd?
--Tonni
openldap-software@openldap.org
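Added example, not part of any message in this thread: a Python version of the "script you write yourself" step, which parses `ldapsearch -LLL` output from the changelog database and lists the writes whose `reqStart` falls inside a time window. The entries, DNs and window are constructed; the `cn=changelog` suffix follows the search shown above, and `reqStart`, `reqType` and `reqDN` are the accesslog overlay's attribute names.

```python
import base64
from datetime import datetime, timezone

# Constructed sample of `ldapsearch -LLL -b cn=changelog` output (not real data).
SAMPLE_LDIF = """\
dn: reqStart=20071113201210.000002Z,cn=changelog
reqStart: 20071113201210.000002Z
reqType: add
reqDN:: dWlkPWJvYixvdT1wZW9wbGUsZGM9ZXhhbXBsZSxkYz1jb20=

dn: reqStart=20071113203000.000000Z,cn=changelog
reqStart: 20071113203000.000000Z
reqType: delete
reqDN: uid=carol,ou=people,
 dc=example,dc=com

dn: reqStart=20071113230000.000000Z,cn=changelog
reqStart: 20071113230000.000000Z
reqType: modify
reqDN: uid=dave,ou=people,dc=example,dc=com
"""

def parse_ldif(text):
    """Yield one dict per entry; unfolds continuation lines and decodes '::' values."""
    unfolded = text.replace("\n ", "")          # LDIF folds long lines with newline+space
    for block in unfolded.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            name, _, value = line.partition(":")
            if value.startswith(":"):             # 'attr:: <base64>'
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            entry.setdefault(name, []).append(value.strip())
        yield entry

def gentime(value):
    # Accesslog generalized time is YYYYmmddHHMMSS[.ffffff]Z; the fraction is dropped here.
    return datetime.strptime(value[:14], "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)

def changes_between(ldif, start, end):
    """Return (reqStart, reqType, reqDN) for records with start <= reqStart < end."""
    rows = []
    for e in parse_ldif(ldif):
        if "reqStart" in e and start <= gentime(e["reqStart"][0]) < end:
            rows.append((e["reqStart"][0], e["reqType"][0], e["reqDN"][0]))
    return sorted(rows)

if __name__ == "__main__":
    start = datetime(2007, 11, 13, 19, 30, tzinfo=timezone.utc)  # constructed two-hour window
    end = datetime(2007, 11, 13, 21, 30, tzinfo=timezone.utc)
    print(*changes_between(SAMPLE_LDIF, start, end), sep="\n")
```

The base64 and folded-line cases matter because `ldapsearch` emits both for long or non-ASCII DNs, and a line-by-line grep would miss or truncate them.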