Hi,
I'm trying to search entries in an OpenLDAP (v2.4.7) directory using their last modification date as a criteria.
"modifyTimestamp"?
Digging in the schemas, I couldn't find an attribute that contained such a value. The only thing I found was the internal attribute "entryCSN" used by OpenLDAP to manage synchronization.
I tried to do several ldapsearch queries, but I couldn't manage to obtain a decent result.
Using "(&(objectClass=groupOfUniqueNames))" => I get every group of the directory. I can see that lots of them were modified in 2009
Related problem : Using "(&(objectClass=groupOfUniqueNames)(entryCSN<=20091224))" => The slapd2.4 process stops without returning anything.
Using "(&(objectClass=groupOfUniqueNames)(entryCSN <= 20091224))" (The same query with spaces) => I dont get any result. Shouldn't I retrieve the entries modified before 2010/12/24 ?
Using "(&(objectClass=groupOfUniqueNames)(entryCSN >= 20091224))" => I dont get any result. Shouldn't I retrieve the entries modified after 2010/12/24 ?
- Does anyone know how to filter entries using their entryCSN?
- Btw, is it even possible?
It is; it uses the csnOrderingMatch rule. However, to use that rule, you need to provide a valid CSN assertion value, and yours isn't. A CSN is something like
YYYYmmddHHMMSS.uuuuuuZ#SSSSSS#SID#ssssss
See http://www.openldap.org/faq/data/cache/1145.html for a description of the syntax. Your search would be
(entryCSN>=20091224000000.000000Z#000000#000#000000)
You can specifically select modifications related to a single server by using the CSNSIDMatch rule, e.g.
'(&(entryCSN>=20091224000000.000000Z#000000#000#000000)(entryCSN:CSNSIDMatch:=002))'
only evaluates entryCSN whose SID is 002 (the SID portion is not evaluated in the CSNOrderingMatch rule).
p.