Hi,
I want to get last modified timestamps, etc, on individual entries in OpenLDAP just as I get them in my about to be retired Netscape server. But I noticed that that lastmod overlay is not built by default when you compile from source (one needs to include the "--enable-lastmod" when running configure). And so, of course, my current binary doesn't support that function. Is there a downside to using the lastmod overlay? Can I just recompile and reinstall and not have to actually rebuild the database, or do I have to dump the database and reload it again?
Thanks, Rob
Rob Tanner wrote:
Hi,
I want to get last modified timestamps, etc, on individual entries in OpenLDAP just as I get them in my about to be retired Netscape server. But I noticed that that lastmod overlay is not built by default when you compile from source (one needs to include the "--enable-lastmod" when running configure). And so, of course, my current binary doesn't support that function. Is there a downside to using the lastmod overlay? Can I just recompile and reinstall and not have to actually rebuild the database, or do I have to dump the database and reload it again?
I don't think the lastmod overlay does what you think it does. That overlay records the last modification made to any entry in the database, onto an attribute on the root entry of the database. Also, there's an outstanding ITS against this overlay, so it is apparently broken at the moment.
OpenLDAP already records the last modified timestamp on individual entries; it's in the "modifyTimestamp" operational attribute.
Howard Chu wrote:
I don't think the lastmod overlay does what you think it does. That overlay records the last modification made to any entry in the database, onto an attribute on the root entry of the database. Also, there's an outstanding ITS against this overlay, so it is apparently broken at the moment.
I think it's time to retire the lastmod overlay. A valid replacement could be the accesslog overlay, with an option to purge based on size rather than on age, leaving only (at most) one entry...
p.
I did some googling for the "modifyTimestamp" and found a few references, but nothing that tells me how I can access the attribute's value and make use of it. I also googled for the phrase "operational attribute" and I didn't find anything helpful. Could someone please point me to some examples, FAQs, or other documentation?
Thanks, Rob
Howard Chu said the following on 11/15/2006 07:35 PM:
Rob Tanner wrote:
Hi,
I want to get last modified timestamps, etc, on individual entries in OpenLDAP just as I get them in my about to be retired Netscape server. But I noticed that that lastmod overlay is not built by default when you compile from source (one needs to include the "--enable-lastmod" when running configure). And so, of course, my current binary doesn't support that function. Is there a downside to using the lastmod overlay? Can I just recompile and reinstall and not have to actually rebuild the database, or do I have to dump the database and reload it again?
I don't think the lastmod overlay does what you think it does. That overlay records the last modification made to any entry in the database, onto an attribute on the root entry of the database. Also, there's an outstanding ITS against this overlay, so it is apparently broken at the moment.
OpenLDAP already records the last modified timestamp on individual entries; it's in the "modifyTimestamp" operational attribute.
--On Thursday, November 16, 2006 2:55 PM -0800 Rob Tanner rtanner@linfield.edu wrote:
I did some googling for the "modifyTimestamp" and found a few references, but nothing that tells me how I can access the attribute's value and make use of it. I also googled for the phrase "operational attribute" and I didn't find anything helpful. Could someone please point me to some examples, FAQs, or other documentation?
Every entry in the LDAP server contains a set of operational attributes. You can request them individually, or all at once using the "+" attribute flag to ldapsearch.
ldapsearch -LLL -Q -h ldap uid=quanah + dn: uid=quanah,cn=accounts,dc=stanford,dc=edu structuralObjectClass: suAccount creatorsName: cn=manager,dc=stanford,dc=edu createTimestamp: 20030529234623Z entryUUID: 1d9a7fc4-019e-1028-8bad-89d9a09c6a42 entryCSN: 20050929125344Z#000020#00#000000 modifiersName: uid=quanah,cn=accounts,dc=stanford,dc=edu modifyTimestamp: 20050929125344Z entryDN: uid=quanah,cn=accounts,dc=stanford,dc=edu subschemaSubentry: cn=Subschema hasSubordinates: FALSE
ldapsearch -LLL -Q -h ldap uid=quanah modifyTimestamp dn: uid=quanah,cn=accounts,dc=stanford,dc=edu modifyTimestamp: 20050929125344Z
etc
--Quanah
-- Quanah Gibson-Mount Principal Software Developer ITS/Shared Application Services Stanford University GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
openldap-software@openldap.org
-
Howard Chu -
Pierangelo Masarati -
Quanah Gibson-Mount -
Rob Tanner