On 10/12/19 12:59 AM, Quanah Gibson-Mount wrote:
--On Wednesday, October 9, 2019 3:58 PM +0000 Michael Starling
> Is there any OpenLDAP control equivalent to the Microsoft's >>
> LDAP_SERVER_SHOW_DELETED_OID = "1.2.840.1135184.108.40.2067" ?
> I would like to pull a list of user accounts that have been deleted along
> with the corresponding date/time.
If you delete an entry with OpenLDAP, then it is deleted. There are no
tombstones. Generally if you want to have access to old account
information, it's a better design to have an attribute that tracks
whether an account is active/inactive/whatever, and then flip its bit.
Additionally one can use slapo-accesslog and record all write operations
to a separate database.