3:54 a.m.
Hello,
We produce for production environments an IDMsystem which is able to
publish/dublicate changes in OpenLDAP/LDAP directories to other management
databases and vice versa. This works fine in most of the cases of changes in
LDAP. The only problem we see, is get information about deletion of
objects (users) which were done while the IDMsystem was either down or
network not available.
What is the correct way to search for deleted objects. We have read about
a filter search, based on 'isDeleted=*' or 'isDeleted=TRUE. But we can
not get any result with this.
Thanks for some hints about this.
matthias
--
Matthias Apitz, ✉ guru(a)unixarea.de, 🌐 http://www.unixarea.de/ ☎ +49-176-38902045
4:21 a.m.
Matthias Apitz wrote:
Hello,
We produce for production environments an IDMsystem which is able to
publish/dublicate changes in OpenLDAP/LDAP directories to other management
databases and vice versa. This works fine in most of the cases of changes in
LDAP. The only problem we see, is get information about deletion of
objects (users) which were done while the IDMsystem was either down or
network not available.
What is the correct way to search for deleted objects. We have read about
a filter search, based on 'isDeleted=*' or 'isDeleted=TRUE. But we can
not get any result with this.
There is no isDeleted attribute in OpenLDAP.
Read RFC4533.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
6:55 a.m.
New subject: Antw: Re: retrieving information about deleted objects
>> Howard Chu <hyc(a)symas.com> schrieb am 02.11.2015 um
13:21 in Nachricht
<56375547.10707(a)symas.com>:
Matthias Apitz wrote:
>
>
> Hello,
>
> We produce for production environments an IDMsystem which is able to
> publish/dublicate changes in OpenLDAP/LDAP directories to other management
> databases and vice versa. This works fine in most of the cases of changes in
> LDAP. The only problem we see, is get information about deletion of
> objects (users) which were done while the IDMsystem was either down or
> network not available.
>
> What is the correct way to search for deleted objects. We have read about
> a filter search, based on 'isDeleted=*' or 'isDeleted=TRUE. But we can
> not get any result with this.
accesslog also logs delete operations.
There is no isDeleted attribute in OpenLDAP.
Read RFC4533.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
5:18 a.m.
Am Mon, 2 Nov 2015 12:54:59 +0100
schrieb Matthias Apitz <guru(a)unixarea.de>:
Hello,
We produce for production environments an IDMsystem which is able to
publish/dublicate changes in OpenLDAP/LDAP directories to other
management databases and vice versa. This works fine in most of the
cases of changes in LDAP. The only problem we see, is get information
about deletion of objects (users) which were done while the IDMsystem
was either down or network not available.
What is the correct way to search for deleted objects. We have read
about a filter search, based on 'isDeleted=*' or 'isDeleted=TRUE. But
we can not get any result with this.
Thanks for some hints about this.
You may set up slapdo-accesslog(5) and have your clients checking this
database.
-Dieter
--
Dieter Klünter | Systemberatung
http://sys4.de
GPG Key ID: E9ED159B
53°37'09,95"N
10°08'02,42"E
2646
days inactive
2646
days old
openldap-technical@openldap.org
3 comments
4 participants
participants (4)
-
Dieter Klünter -
Howard Chu -
Matthias Apitz -
Ulrich Windl