Hi,
I'm trying to search entries in an OpenLDAP (v2.4.7) directory using their last modification date as a criteria. Digging in the schemas, I couldn't find an attribute that contained such a value. The only thing I found was the internal attribute "entryCSN" used by OpenLDAP to manage synchronization.
I tried to do several ldapsearch queries, but I couldn't manage to obtain a decent result.
Using "(&(objectClass=groupOfUniqueNames))" => I get every group of the directory. I can see that lots of them were modified in 2009
Related problem : Using "(&(objectClass=groupOfUniqueNames)(entryCSN<=20091224))" => The slapd2.4 process stops without returning anything.
Using "(&(objectClass=groupOfUniqueNames)(entryCSN <= 20091224))" (The same query with spaces) => I don’t get any result. Shouldn't I retrieve the entries modified before 2010/12/24 ?
Using "(&(objectClass=groupOfUniqueNames)(entryCSN >= 20091224))" => I don’t get any result. Shouldn't I retrieve the entries modified after 2010/12/24 ?
- Does anyone know how to filter entries using their entryCSN? - Btw, is it even possible?
Best regards
--
Pierre Laporte
My mistake, main problem solved.
Spaces are not allowed in ldap queries. In fact, I didn't get "no result", I got one message "Bad search filter" that was not handled correctly.
I changed my filters so that it now uses the createTimeStamp and modifyTimeStamp attributes. Using "(&(objectClass=groupOfUniqueNames)(modifyTimeStamp<=20091224))", I retrieve the entries that haven't been modified since 2009/12/24.
Caution : this filter cannot be applied to the entryCSN attribute as it makes OpenLDAP shutdown.
Best Regards.
--
Pierre Laporte
On Thu, Jun 24, 2010 at 1:49 PM, Pierre Laporte pierre.laporte@steria.comwrote:
Hi,
I'm trying to search entries in an OpenLDAP (v2.4.7) directory using their last modification date as a criteria. Digging in the schemas, I couldn't find an attribute that contained such a value. The only thing I found was the internal attribute "entryCSN" used by OpenLDAP to manage synchronization.
I tried to do several ldapsearch queries, but I couldn't manage to obtain a decent result.
Using "(&(objectClass=groupOfUniqueNames))" => I get every group of the directory. I can see that lots of them were modified in 2009
Related problem :
Using "(&(objectClass=groupOfUniqueNames)(entryCSN<=20091224))" => The slapd2.4 process stops without returning anything.
Using "(&(objectClass=groupOfUniqueNames)(entryCSN <= 20091224))" (The same query with spaces) => I don’t get any result. Shouldn't I retrieve the entries modified before 2010/12/24 ?
Using "(&(objectClass=groupOfUniqueNames)(entryCSN >= 20091224))" => I don’t get any result. Shouldn't I retrieve the entries modified after 2010/12/24 ?
Does anyone know how to filter entries using their entryCSN?
Btw, is it even possible?
Best regards
--
Pierre Laporte
My mistake, main problem solved.
Spaces are not allowed in ldap queries. In fact, I didn't get "no result", I got one message "Bad search filter" that was not handled correctly.
I changed my filters so that it now uses the createTimeStamp and modifyTimeStamp attributes. Using "(&(objectClass=groupOfUniqueNames)(modifyTimeStamp<=20091224))", I retrieve the entries that haven't been modified since 2009/12/24.
Caution : this filter cannot be applied to the entryCSN attribute as it makes OpenLDAP shutdown.
If by "shutdown" you mean "crash", that might have been true for 2.4.7, the version you claim to use. That version was released 31 months ago. The current release does not crash. Of course, bearing with malformed filters is not the main reason you should upgrade.
p.
Am Donnerstag 24 Juni 2010, 15:19:38 schrieb Pierre Laporte:
My mistake, main problem solved.
Spaces are not allowed in ldap queries. In fact, I didn't get "no result", I got one message "Bad search filter" that was not handled correctly.
I changed my filters so that it now uses the createTimeStamp and modifyTimeStamp attributes. Using "(&(objectClass=groupOfUniqueNames)(modifyTimeStamp<=20091224))", I retrieve the entries that haven't been modified since 2009/12/24.
"modifyTimeStamp" seems like the correct Attribute to query for your use case. "entryCSN" is a bit more than just a timestamp.
Caution : this filter cannot be applied to the entryCSN attribute as it makes OpenLDAP shutdown.
If it did, that would be clearly a bug. You should consider updating to a more recent OpenLDAP release and check if the problem persists there.
regards, Ralf
On Thu, Jun 24, 2010 at 1:49 PM, Pierre Laporte
pierre.laporte@steria.comwrote:
Hi,
I'm trying to search entries in an OpenLDAP (v2.4.7) directory using their last modification date as a criteria. Digging in the schemas, I couldn't find an attribute that contained such a value. The only thing I found was the internal attribute "entryCSN" used by OpenLDAP to manage synchronization.
I tried to do several ldapsearch queries, but I couldn't manage to obtain a decent result.
Using "(&(objectClass=groupOfUniqueNames))" => I get every group of the directory. I can see that lots of them were modified in 2009
Related problem :
Using "(&(objectClass=groupOfUniqueNames)(entryCSN<=20091224))" => The slapd2.4 process stops without returning anything.
Using "(&(objectClass=groupOfUniqueNames)(entryCSN <= 20091224))" (The same query with spaces) => I don’t get any result. Shouldn't I retrieve the entries modified before 2010/12/24 ?
Using "(&(objectClass=groupOfUniqueNames)(entryCSN >= 20091224))"
=> I don’t get any result. Shouldn't I retrieve the entries modified after
2010/12/24 ?
Does anyone know how to filter entries using their entryCSN?
Btw, is it even possible?
Best regards
--
Pierre Laporte
Hi,
I'm trying to search entries in an OpenLDAP (v2.4.7) directory using their last modification date as a criteria.
"modifyTimestamp"?
Digging in the schemas, I couldn't find an attribute that contained such a value. The only thing I found was the internal attribute "entryCSN" used by OpenLDAP to manage synchronization.
I tried to do several ldapsearch queries, but I couldn't manage to obtain a decent result.
Using "(&(objectClass=groupOfUniqueNames))" => I get every group of the directory. I can see that lots of them were modified in 2009
Related problem : Using "(&(objectClass=groupOfUniqueNames)(entryCSN<=20091224))" => The slapd2.4 process stops without returning anything.
Using "(&(objectClass=groupOfUniqueNames)(entryCSN <= 20091224))" (The same query with spaces) => I dont get any result. Shouldn't I retrieve the entries modified before 2010/12/24 ?
Using "(&(objectClass=groupOfUniqueNames)(entryCSN >= 20091224))" => I dont get any result. Shouldn't I retrieve the entries modified after 2010/12/24 ?
- Does anyone know how to filter entries using their entryCSN?
- Btw, is it even possible?
It is; it uses the csnOrderingMatch rule. However, to use that rule, you need to provide a valid CSN assertion value, and yours isn't. A CSN is something like
YYYYmmddHHMMSS.uuuuuuZ#SSSSSS#SID#ssssss
See http://www.openldap.org/faq/data/cache/1145.html for a description of the syntax. Your search would be
(entryCSN>=20091224000000.000000Z#000000#000#000000)
You can specifically select modifications related to a single server by using the CSNSIDMatch rule, e.g.
'(&(entryCSN>=20091224000000.000000Z#000000#000#000000)(entryCSN:CSNSIDMatch:=002))'
only evaluates entryCSN whose SID is 002 (the SID portion is not evaluated in the CSNOrderingMatch rule).
p.
--On Thursday, June 24, 2010 1:49 PM +0200 Pierre Laporte pierre.laporte@steria.com wrote:
Hi,
I'm trying to search entries in an OpenLDAP (v2.4.7) directory using
Get an updated release. The current release is 2.4.22, 2.4.23 will be out soon.
- Btw, is it even possible?
I would suggest you try modifyTimestamp instead.
[zimbra@freelancer ~]$ ldapsearch -x -H ldapi:// -D "cn=config" -w oUt1rgjQ9G "(modifytimestamp<=20100623231323Z)" cn # extended LDIF # # LDAPv3 # base <> (default) with scope subtree # filter: (modifytimestamp<=20100623231323Z) # requesting: cn #
# zimbra dn: cn=zimbra cn: zimbra
# admins, zimbra dn: cn=admins,cn=zimbra cn: admins
<etc>
# list1, groups, freelancer.lab.zimbra.com dn: cn=list1,cn=groups,dc=freelancer,dc=lab,dc=zimbra,dc=com cn: list1
# search result search: 2 result: 0 Success
# numResponses: 65 # numEntries: 64
--Quanah
--
Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc -------------------- Zimbra :: the leader in open source messaging and collaboration
openldap-technical@openldap.org
-
masarati@aero.polimi.it -
Michael Ströder -
Pierre Laporte -
Quanah Gibson-Mount -
Ralf Haferkamp