On 08.02.2017 08:10, Ulrich Windl wrote:
Michael Wandel m.wandel@t-online.de schrieb am 07.02.2017 um 17:25 in
Nachricht ba56f41c-ca52-0f29-4b64-2f068b27bca8@t-online.de:
On 06.02.2017 09:36, Ulrich Windl wrote:
Michael Wandel m.wandel@t-online.de schrieb am 02.02.2017 um 17:32 in
Nachricht 84658c11-b467-f162-93cc-4e6cafc19ef9@t-online.de:
Hey,
I'm searching for a tool which is able to transform an accesslog Database to an ldif file, what can be used for ldapmodify.
I think it's possible, and I did something like that. Mostly to recover
from
my mistakes, and for documentation purposes. It's not trivial, however. My LDIF output for a change looks like this:
### 20170102084415.000003Z uid=user,ou=people,dc=domain,dc=org ## auditModify(modify)[83466,cn=Admin,dc=domain,dc=org] ## {0}{1.3.6.1.4.1.4203.666.5.12 criticality TRUE}: #< entryCSN: 20161220083510.859974Z#000000#001#000000 #< modifiersName: cn=Admin,dc=domain,dc=org #< modifyTimestamp: 20161220083510Z #= modifiersName: cn=Admin,dc=domain,dc=org
dn: uid=user,ou=people,dc=domain,dc=org changetype: modify replace: entryCSN entryCSN: 20170102084415.765596Z#000000#001#000000
replace: modifyTimestamp modifyTimestamp: 20170102084415Z
add: pwdFailureTime pwdFailureTime: 20170102084415Z
(Those "<" are previous values and "=" are unchanged values)
Note that the LDIF is forward (for re-applying) the changes. My program
also
has an option to produce a "backward LDIF" to create the corresponding "undo". Also note that not all attributes presented in my LDIF can be
changed
vie LDIF.
Nice to hear about, where can i find these tool, is there a download link
??
Sorry, it's an in-house development. But any talented programmer can write what you need within a few days.
It's ok, you are right, if you have time can do anything (fly to the mars ;-) ). Thanks for the inspiration.
Quanah Gibson-Mount quanah@symas.com has published a simple version you could use also.
That solution we use at the moment, big thanks to Quanah.
best regards Michael
Regards, Ulrich
best regards
Michael
Or is there an alternative way to use the accesslog to rebuild an ldap database from a backup time to actual ?
Every hint is welcome
Regards, Ulrich
best regards
Michael
-- Michael Wandel Braakstraße 43 33647 Bielefeld