Re: LDAP entry metadata

Rob Shepherd writes:
> Is it possible to make queries to internal data, as well as directory
> entry attributes?


If you want a search to return internal data for an entry, aka
operational attributes, you must explicitly ask for them.

As an OpenLDAP extension, asking for "+" requests all operational
attributes.  And remember that asking for any attribute cancels the
default "*", so if you want both all operational and user attributes,
ask for both "*" and "+".

> I want to query when an attribute was added to the directory, without
> having to make an external repository for this info, in another
> database or file, or supplementary descriptive

$ ldapsearch -xLLLh ldap.uio.no -b dc=uio,dc=no "(uid=hbf)" modifyTimestamp
dn: uid=hbf,cn=people,dc=uio,dc=no
modifyTimestamp: 20070329084312Z

> Is there a backend way to make attributes expire?

man slapo-dds and (for passwords) slapo-ppolicy.
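
The attribute-selection rule described above (naming any attribute cancels the default "*", and "+" asks for all operational attributes), modelled in Python as an added example that is not part of the original message. The entry, its values and the function name select_attributes are constructed for illustration; a real server also applies access controls, which this model ignores.

```python
# Model of LDAP search attribute selection: "*" = all user attributes,
# "+" = all operational attributes, "1.1" alone = no attributes.
# The entry below is constructed sample data, not output from a real directory.

USER_ATTRS = {
    "uid": ["jdoe"],
    "cn": ["Jane Doe"],
    "mail": ["jdoe@example.org"],
}
OPERATIONAL_ATTRS = {
    "createTimestamp": ["20060101120000Z"],
    "modifyTimestamp": ["20060215093000Z"],
    "creatorsName": ["cn=admin,dc=example,dc=org"],
}


def select_attributes(requested, user=USER_ATTRS, operational=OPERATIONAL_ATTRS):
    """Return the attributes a search would yield for this request list."""
    # Attribute descriptions are matched case-insensitively.
    wanted = [name.lower() for name in requested]
    # An empty request list means "all user attributes", the same as "*".
    if not wanted:
        wanted = ["*"]
    # "1.1" on its own means "return no attributes, only the DN".
    if wanted == ["1.1"]:
        return {}
    result = {}
    for name, values in user.items():
        # User attributes come back when named or when "*" is present.
        if "*" in wanted or name.lower() in wanted:
            result[name] = values
    for name, values in operational.items():
        # Operational attributes never ride along with "*"; they must be
        # named individually or requested with "+".
        if "+" in wanted or name.lower() in wanted:
            result[name] = values
    return result


if __name__ == "__main__":
    for request in ([], ["modifyTimestamp"], ["+"], ["*", "+"], ["1.1"]):
        print(request, "->", sorted(select_attributes(request)))
```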