On 10/12/19 12:59 AM, Quanah Gibson-Mount wrote:
--On Wednesday, October 9, 2019 3:58 PM +0000 Michael Starling mlstarling31@hotmail.com wrote:
Is there any OpenLDAP control equivalent to the Microsoft's >> LDAP_SERVER_SHOW_DELETED_OID = "1.2.840.113556.1.4.417" ?
I would like to pull a list of user accounts that have been deleted along with the corresponding date/time.
If you delete an entry with OpenLDAP, then it is deleted. There are no tombstones. Generally if you want to have access to old account information, it's a better design to have an attribute that tracks whether an account is active/inactive/whatever, and then flip its bit.
Additionally one can use slapo-accesslog and record all write operations to a separate database.
Ciao, Michael.