Ulrich Windl wrote:
>>> Quanah Gibson-Mount <quanah(a)symas.com> wrote on 12.10.2019 at 00:59 in message <9CEEEE149A9041259AA8E765(a)[192.168.1.144]>:
>
> --On Wednesday, October 9, 2019 3:58 PM +0000 Michael Starling
> <mlstarling31(a)hotmail.com> wrote:
>
>>
>> Is there any OpenLDAP control equivalent to Microsoft's
>> LDAP_SERVER_SHOW_DELETED_OID = "1.2.840.113556.1.4.417"?
>>
>>
>> I would like to pull a list of user accounts that have been deleted along
>> with the corresponding date/time.
>
> If you delete an entry with OpenLDAP, then it is deleted. There are no
> tombstones. Generally if you want to have access to old account
> information, it's a better design to have an attribute that tracks whether
> an account is active/inactive/whatever, and then flip its bit.
Querying accesslog (if configured) could provide such information.
One could even write an overlay that used the accesslog to emulate the
functionality of the Microsoft control.
--
-- Howard Chu
CTO, Symas Corp.
http://www.symas.com
Director, Highland Sun
http://highlandsun.com/hyc/
Chief Architect, OpenLDAP
http://www.openldap.org/project/
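
The accesslog query suggested in the thread, as an added example (not code from the thread or from OpenLDAP): it lists successfully deleted accounts with their deletion time from slapo-accesslog records. The `cn=accesslog` suffix, the `ou=people,dc=example,dc=com` base and the sample LDIF are assumptions constructed for illustration.

```python
import base64
from datetime import datetime, timezone

# Constructed sample of: ldapsearch -LLL -o ldif-wrap=no -b cn=accesslog \
#   '(objectClass=auditDelete)' reqDN reqStart reqResult   (suffix is an assumption)
SAMPLE_LDIF = """\
dn: reqStart=20191009155801.000001Z,cn=accesslog
reqStart: 20191009155801.000001Z
reqDN: uid=jdoe,ou=people,dc=example,dc=com
reqResult: 0

dn: reqStart=20191010081530.000002Z,cn=accesslog
reqStart: 20191010081530.000002Z
reqDN:: dWlkPWrDtnJnLG91PXBlb3BsZSxkYz1leGFtcGxlLGRjPWNvbQ==
reqResult: 0

dn: reqStart=20191010090000.000000Z,cn=accesslog
reqStart: 20191010090000.000000Z
reqDN: uid=ghost,ou=people,dc=example,dc=com
reqResult: 32
"""

def parse_ldif(text):
    """Yield one {attr: [values]} dict per record of unwrapped LDIF."""
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            attr, _, rest = line.partition(":")
            if rest.startswith(":"):   # "attr:: value" means base64 (non-ASCII DN)
                value = base64.b64decode(rest[1:].strip()).decode("utf-8")
            else:
                value = rest.strip()
            entry.setdefault(attr.lower(), []).append(value)
        yield entry

def deleted_accounts(text, base="ou=people,dc=example,dc=com"):
    """Return (deleted DN, UTC time) pairs under `base`, oldest first."""
    found = []
    for e in parse_ldif(text):
        dn = e["reqdn"][0]
        # reqResult != 0 is a failed delete; the suffix match is a simple string test
        if e["reqresult"] != ["0"] or not dn.lower().endswith("," + base.lower()):
            continue
        when = datetime.strptime(e["reqstart"][0], "%Y%m%d%H%M%S.%fZ")
        found.append((dn, when.replace(tzinfo=timezone.utc)))
    return sorted(found, key=lambda item: item[1])

if __name__ == "__main__":
    for dn, when in deleted_accounts(SAMPLE_LDIF):
        print(when.isoformat(), dn)
```

The accesslog only covers deletions made while the overlay was logging them and before its purge interval removed the records.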