Hi all,
I'd like to know if there is an easy way to monitor attribute modifications? In fact I import my user accounts, automount maps and almost everything from NIS maps every hour with PADL scripts (a bit modified by me). So each time the scripts import entries, they don't care if the entry already exists or not, they try to create it, which results in a lot of errors (existing entries...). Furthermore, for now, if I want to modify an entry I have to do it myself... What I'd like to do is to supervise created or updated entries, so that I can focus only on those... I thought about something like replog but I'm not sure that's the right way to do it...
Any help is welcome,
On Mon, Feb 01, 2010 at 12:32:44PM +0100, David LEROUX wrote:
> I'd like to know if there is an easy way to monitor attribute modifications?
Several possibilities. One way is to configure an audit log and use the accesslog overlay to write successful modifications into it.
> In fact I import my user accounts, automount maps and almost everything from NIS maps every hour with PADL scripts (a bit modified by me). So each time the scripts import entries, they don't care if the entry already exists or not, they try to create it, which results in a lot of errors (existing entries...).
That is the real problem: you are using scripts that were designed for a one-off data import. It would be much better to build a synchronisation system that only modifies things that actually need changing. You need to do this anyway, as re-running the PADL scripts will not deal with deletions.
Andrew
Andrew Findlay wrote:
> On Mon, Feb 01, 2010 at 12:32:44PM +0100, David LEROUX wrote:
>> I'd like to know if there is an easy way to monitor attribute modifications?
> Several possibilities. One way is to configure an audit log and use the accesslog overlay to write successful modifications into it.
I'm not sure I understand you, but,
>> In fact I import my user accounts, automount maps and almost everything from NIS maps every hour with PADL scripts (a bit modified by me). So each time the scripts import entries, they don't care if the entry already exists or not, they try to create it, which results in a lot of errors (existing entries...).
> That is the real problem: you are using scripts that were designed for a one-off data import. It would be much better to build a synchronisation system that only modifies things that actually need changing. You need to do this anyway, as re-running the PADL scripts will not deal with deletions.
Thank you for this new point of view, everything becomes clear, ldifdiff is my new best friend :)
> Andrew
openldap-technical@openldap.org
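
The synchronisation approach suggested in the thread, as an added example that is not part of the original messages and is not code from the PADL scripts or OpenLDAP: compare the freshly exported source data with what the directory holds, and emit LDIF change records only for the entries that must be added, modified or deleted. The entry model, function names and sample data are assumptions made for illustration.

```python
# Added example. Entries are modelled as {dn: {attribute: set_of_values}}.
# Assumptions: DNs are already normalised, values are LDIF-safe ASCII, and
# `directory` holds only the subtree that the hourly import owns.

def diff_entries(source, directory):
    """Return the (op, dn, detail) changes that turn `directory` into `source`."""
    changes = [("add", dn, source[dn])
               for dn in sorted(source.keys() - directory.keys())]
    for dn in sorted(source.keys() & directory.keys()):
        want, have, mods = source[dn], directory[dn], []
        for attr in sorted(want.keys() | have.keys()):
            new, old = want.get(attr, set()), have.get(attr, set())
            if new != old:
                mods.append(("replace" if new else "delete", attr, new))
        if mods:  # unchanged entries produce no operation at all
            changes.append(("modify", dn, mods))
    # Entries gone from the source; deepest DNs first so children go before parents.
    gone = directory.keys() - source.keys()
    changes += [("delete", dn, None)
                for dn in sorted(gone, key=lambda d: (-d.count(","), d))]
    return changes

def to_ldif(changes):
    """Render the changes as LDIF change records (input for ldapmodify)."""
    out = []
    for op, dn, detail in changes:
        out += [f"dn: {dn}", f"changetype: {op}"]
        if op == "add":
            for attr in sorted(detail):
                out += [f"{attr}: {v}" for v in sorted(detail[attr])]
        elif op == "modify":
            for kind, attr, values in detail:
                out += [f"{kind}: {attr}"] + [f"{attr}: {v}" for v in sorted(values)] + ["-"]
        out.append("")
    return "\n".join(out)

# Constructed sample data; attributes are trimmed, a real add also needs
# objectClass and the other attributes required by the schema.
BASE = "ou=People,dc=example,dc=com"
SOURCE = {  # what the NIS maps say right now
    f"uid=alice,{BASE}": {"uid": {"alice"}, "loginShell": {"/bin/bash"}},
    f"uid=carol,{BASE}": {"uid": {"carol"}, "loginShell": {"/bin/sh"}},
    f"uid=dave,{BASE}": {"uid": {"dave"}, "loginShell": {"/bin/sh"}},
}
DIRECTORY = {  # what the LDAP server currently holds
    f"uid=alice,{BASE}": {"uid": {"alice"}, "loginShell": {"/bin/sh"}},
    f"uid=bob,{BASE}": {"uid": {"bob"}, "loginShell": {"/bin/sh"}},
    f"uid=dave,{BASE}": {"uid": {"dave"}, "loginShell": {"/bin/sh"}},
}

if __name__ == "__main__":
    print(to_ldif(diff_entries(SOURCE, DIRECTORY)))
```

Because only real changes reach the server, an accesslog configured to record successful writes then contains exactly the created, updated and deleted entries, rather than one failed add per existing entry.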