Michael Wandel m.wandel@t-online.de schrieb am 02.02.2017 um 17:32 in
Nachricht 84658c11-b467-f162-93cc-4e6cafc19ef9@t-online.de:
Hey,
I'm searching for a tool which is able to transform an accesslog Database to an ldif file, what can be used for ldapmodify.
I think it's possible, and I did something like that. Mostly to recover from my mistakes, and for documentation purposes. It's not trivial, however. My LDIF output for a change looks like this:
### 20170102084415.000003Z uid=user,ou=people,dc=domain,dc=org ## auditModify(modify)[83466,cn=Admin,dc=domain,dc=org] ## {0}{1.3.6.1.4.1.4203.666.5.12 criticality TRUE}: #< entryCSN: 20161220083510.859974Z#000000#001#000000 #< modifiersName: cn=Admin,dc=domain,dc=org #< modifyTimestamp: 20161220083510Z #= modifiersName: cn=Admin,dc=domain,dc=org
dn: uid=user,ou=people,dc=domain,dc=org changetype: modify replace: entryCSN entryCSN: 20170102084415.765596Z#000000#001#000000 - replace: modifyTimestamp modifyTimestamp: 20170102084415Z - add: pwdFailureTime pwdFailureTime: 20170102084415Z
(Those "<" are previous values and "=" are unchanged values)
Note that the LDIF is forward (for re-applying) the changes. My program also has an option to produce a "backward LDIF" to create the corresponding "undo". Also note that not all attributes presented in my LDIF can be changed vie LDIF.
Or is there an alternative way to use the accesslog to rebuild an ldap database from a backup time to actual ?
Every hint is welcome
Regards, Ulrich
best regards
Michael