[Date Prev][Date Next]
Re: Revision Control of LDAP Entries...
> I'm using OpenLDAP with the default BDB back-end in place of NIS for
> user information/authentication and automounting in a mixed
> Linux/Solaris environment. I replicate to one system using slurpd -
> this will probably grow in the future. I currently use phpLDAPadmin and
> command-line tools like ldapadd and slapadd (for bulk changes) to
> perform administrative functions on the entries.
> Has anyone come across a good method for revision control of LDAP
> entries? Something, for example, that would allow me to easily revert
> back a change to a group or user's password or even view/import changes
> throughout history? In our NIS environment, this has been handled
> through an RCS-invoking wrapper to a NIS ASCII map editor. Things I've
> considered for OpenLDAP have been:
> -> Using a relational database back-end with triggers
> -> Customizing phpLDAPadmin to write out changes to a back-up directory
I wrote my own front-end to an application that does ldap changes, similar
to phpLDAPadmin. In that application, whenever there is a change it
writes out the before and after of the particular entry. If its a delete,
then it just writes out all the info on that entry before the delete. I
also have the app making sure that it can write to that file before it
actually does the change/delete.
I haven't had to use it yet, but at least I have a repository of all the
changes that take place in case I need to. I'm sure there is a better
way, but I needed something quick. Of course, this will only work if the
change is made with the front-end.
> -> Doing something with slurpd to permanently log history
> Has anyone wondered or done the similar things?