[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Revision Control of LDAP Entries...

Comments below.

> Hi,
> I'm using OpenLDAP with the default BDB back-end in place of NIS for
> user information/authentication and automounting in a mixed
> Linux/Solaris environment.  I replicate to one system using slurpd -
> this will probably grow in the future.  I currently use phpLDAPadmin and
> command-line tools like ldapadd and slapadd (for bulk changes) to
> perform administrative functions on the entries.
> Has anyone come across a good method for revision control of LDAP
> entries?  Something, for example, that would allow me to easily revert
> back a change to a group or user's password or even view/import changes
> throughout history?  In our NIS environment, this has been handled
> through an RCS-invoking wrapper to a NIS ASCII map editor.  Things I've
> considered for OpenLDAP have been:
> -> Using a relational database back-end with triggers
> -> Customizing phpLDAPadmin to write out changes to a back-up directory

I wrote my own front-end to an application that does ldap changes, similar
to phpLDAPadmin.  In that application, whenever there is a change it
writes out the before and after of the particular entry.  If its a delete,
then it just writes out all the info on that entry before the delete.  I
also have the app making sure that it can write to that file before it
actually does the change/delete.

I haven't had to use it yet, but at least I have a repository of all the
changes that take place in case I need to.  I'm sure there is a better
way, but I needed something quick.  Of course, this will only work if the
change is made with the front-end.

> -> Doing something with slurpd to permanently log history
> Has anyone wondered or done the similar things?
> Thanks,
> Roy