Hello,
We produce for production environments an IDMsystem which is able to publish/dublicate changes in OpenLDAP/LDAP directories to other management databases and vice versa. This works fine in most of the cases of changes in LDAP. The only problem we see, is get information about deletion of objects (users) which were done while the IDMsystem was either down or network not available.
What is the correct way to search for deleted objects. We have read about a filter search, based on 'isDeleted=*' or 'isDeleted=TRUE. But we can not get any result with this.
Thanks for some hints about this.
matthias
Matthias Apitz wrote:
Hello,
We produce for production environments an IDMsystem which is able to publish/dublicate changes in OpenLDAP/LDAP directories to other management databases and vice versa. This works fine in most of the cases of changes in LDAP. The only problem we see, is get information about deletion of objects (users) which were done while the IDMsystem was either down or network not available.
What is the correct way to search for deleted objects. We have read about a filter search, based on 'isDeleted=*' or 'isDeleted=TRUE. But we can not get any result with this.
There is no isDeleted attribute in OpenLDAP.
Read RFC4533.
Howard Chu hyc@symas.com schrieb am 02.11.2015 um 13:21 in Nachricht
Matthias Apitz wrote:
Hello,
We produce for production environments an IDMsystem which is able to publish/dublicate changes in OpenLDAP/LDAP directories to other management databases and vice versa. This works fine in most of the cases of changes in LDAP. The only problem we see, is get information about deletion of objects (users) which were done while the IDMsystem was either down or network not available.
What is the correct way to search for deleted objects. We have read about a filter search, based on 'isDeleted=*' or 'isDeleted=TRUE. But we can not get any result with this.
accesslog also logs delete operations.
There is no isDeleted attribute in OpenLDAP.
Read RFC4533.
-- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/
Am Mon, 2 Nov 2015 12:54:59 +0100 schrieb Matthias Apitz guru@unixarea.de:
Hello,
We produce for production environments an IDMsystem which is able to publish/dublicate changes in OpenLDAP/LDAP directories to other management databases and vice versa. This works fine in most of the cases of changes in LDAP. The only problem we see, is get information about deletion of objects (users) which were done while the IDMsystem was either down or network not available.
What is the correct way to search for deleted objects. We have read about a filter search, based on 'isDeleted=*' or 'isDeleted=TRUE. But we can not get any result with this.
Thanks for some hints about this.
You may set up slapdo-accesslog(5) and have your clients checking this database.
-Dieter
openldap-technical@openldap.org
-
Dieter Klünter -
Howard Chu -
Matthias Apitz -
Ulrich Windl