Is there any OpenLDAP control equivalent to the Microsoft's LDAP_SERVER_SHOW_DELETED_OID = "1.2.840.113556.1.4.417" ?
I would like to pull a list of user accounts that have been deleted along with the corresponding date/time.
Mike
--On Wednesday, October 9, 2019 3:58 PM +0000 Michael Starling mlstarling31@hotmail.com wrote:
> Is there any OpenLDAP control equivalent to the Microsoft's LDAP_SERVER_SHOW_DELETED_OID = "1.2.840.113556.1.4.417" ?
> I would like to pull a list of user accounts that have been deleted along with the corresponding date/time.
If you delete an entry with OpenLDAP, then it is deleted. There are no tombstones. Generally if you want to have access to old account information, it's a better design to have an attribute that tracks whether an account is active/inactive/whatever, and then flip its bit.
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com
On 10/12/19 12:59 AM, Quanah Gibson-Mount wrote:
> --On Wednesday, October 9, 2019 3:58 PM +0000 Michael Starling mlstarling31@hotmail.com wrote:
>> Is there any OpenLDAP control equivalent to the Microsoft's LDAP_SERVER_SHOW_DELETED_OID = "1.2.840.113556.1.4.417" ?
>> I would like to pull a list of user accounts that have been deleted along with the corresponding date/time.
> If you delete an entry with OpenLDAP, then it is deleted. There are no tombstones. Generally if you want to have access to old account information, it's a better design to have an attribute that tracks whether an account is active/inactive/whatever, and then flip its bit.
Additionally one can use slapo-accesslog and record all write operations to a separate database.
Ciao, Michael.
Quanah Gibson-Mount quanah@symas.com wrote on 12.10.2019 at 00:59 in message <9CEEEE149A9041259AA8E765@[192.168.1.144]>:
> --On Wednesday, October 9, 2019 3:58 PM +0000 Michael Starling mlstarling31@hotmail.com wrote:
>> Is there any OpenLDAP control equivalent to the Microsoft's LDAP_SERVER_SHOW_DELETED_OID = "1.2.840.113556.1.4.417" ?
>> I would like to pull a list of user accounts that have been deleted along with the corresponding date/time.
> If you delete an entry with OpenLDAP, then it is deleted. There are no tombstones. Generally if you want to have access to old account information, it's a better design to have an attribute that tracks whether an account is active/inactive/whatever, and then flip its bit.
Querying accesslog (if configured) could provide such information.
> --Quanah
> --
> Quanah Gibson-Mount
> Product Architect
> Symas Corporation
> Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com
Ulrich Windl wrote:
> Quanah Gibson-Mount quanah@symas.com wrote on 12.10.2019 at 00:59 in message <9CEEEE149A9041259AA8E765@[192.168.1.144]>:
>> --On Wednesday, October 9, 2019 3:58 PM +0000 Michael Starling mlstarling31@hotmail.com wrote:
>>> Is there any OpenLDAP control equivalent to the Microsoft's LDAP_SERVER_SHOW_DELETED_OID = "1.2.840.113556.1.4.417" ?
>>> I would like to pull a list of user accounts that have been deleted along with the corresponding date/time.
>> If you delete an entry with OpenLDAP, then it is deleted. There are no tombstones. Generally if you want to have access to old account information, it's a better design to have an attribute that tracks whether an account is active/inactive/whatever, and then flip its bit.
> Querying accesslog (if configured) could provide such information.
One could even write an overlay that used the accesslog to emulate the functionality of the Microsoft control.
openldap-technical@openldap.org
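The accesslog approach suggested in the replies, as an added example that is not part of the original thread: a parser that turns LDIF from an accesslog search into a list of successfully deleted DNs with their timestamps. The attribute names (reqType, reqDN, reqStart, reqResult, reqAuthzID) are those of the slapo-accesslog schema; the `cn=accesslog` suffix, the search command in the comment and all sample entries are assumptions constructed for illustration, and only deletes made after the overlay was configured will be present.

```python
import base64
from datetime import datetime, timezone

# Constructed sample of LDIF from a search of the accesslog database, e.g.
#   ldapsearch -b cn=accesslog '(reqType=delete)' reqType reqDN reqStart reqResult reqAuthzID
_B64_DN = base64.b64encode("uid=jürgen,ou=people,dc=example,dc=com".encode()).decode()
SAMPLE_LDIF = f"""\
dn: reqStart=20191009150311.000004Z,cn=accesslog
reqStart: 20191009150311.000004Z
reqType: delete
reqDN:: {_B64_DN}
reqResult: 0
reqAuthzID: cn=admin,dc=example,dc=com

dn: reqStart=20191009141502.000001Z,cn=accesslog
reqStart: 20191009141502.000001Z
reqType: delete
reqDN: uid=jdoe,ou=people,
 dc=example,dc=com
reqResult: 0
reqAuthzID: cn=admin,dc=example,dc=com

dn: reqStart=20191009151000.000002Z,cn=accesslog
reqStart: 20191009151000.000002Z
reqType: delete
reqDN: uid=ghost,ou=people,dc=example,dc=com
reqResult: 32
"""

def parse_ldif(text):
    """Yield one dict (attribute -> first value) per LDIF record."""
    for block in text.replace("\n ", "").strip().split("\n\n"):  # unfold, split records
        entry = {}
        for line in block.splitlines():
            attr, _, rest = line.partition(":")
            if rest.startswith(":"):  # "attr:: value" carries base64 (non-ASCII DNs)
                rest = base64.b64decode(rest[1:].strip()).decode("utf-8")
            entry.setdefault(attr, rest.strip())
        yield entry

def deleted_entries(ldif_text):
    """Return (UTC time, DN, authzID) per successful delete, oldest first."""
    rows = []
    for e in parse_ldif(ldif_text):
        if e.get("reqType") != "delete" or e.get("reqResult") != "0":
            continue  # a failed delete (non-zero result code) removed nothing
        when = datetime.strptime(e["reqStart"], "%Y%m%d%H%M%S.%fZ")
        rows.append((when.replace(tzinfo=timezone.utc), e["reqDN"], e.get("reqAuthzID", "")))
    return sorted(rows)
```

The reqAuthzID column records which identity issued each delete, which is usually the first thing wanted when reviewing account removals.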