[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Detecting changes in the directory

Tony Earnshaw wrote:
Naufal Sheikh skrev, on 13-11-2007 20:38:

Is there anyway to detetct the modifications made

Here OL 2.3.x. delta syncrepl.

Suppose you could run a script an intervals looking for whatever you
want in the operational attributes, if you have sufficient rights.

ldapsearch -LLL -x -D "cn=proxy,dc=barlaeus,dc=nl" -w secret
'uid=zzuilhof' modifyTimestamp

modifyTimestamp: 20071106101131Z

and/or addition,subtraction made to directory for a certain period of time
without using replication?

We presume you're up to date with latest 2.3 and have configured delta syncrepl, not slurpd. Avoid slurpd at all costs.

Did I mention avoiding slurpd?

Noppies (Dutch ;)) meaning "No". Adding (2.3.x) a delta syncrepl
provider to your slapd.conf will only cost you a little headache to
configure, you don't need ever to use it for replication, but it will
add records to your changelog DB that will do what you want for searching:

The accesslog overlay creates change records regardless of syncprov. You imply a dependency where no such dependency exists; accesslog has other uses besides supporting replication.

ldapsearch2.3 -LLL -x -D "cn=proxy,dc=barlaeus,dc=nl" -w secret -b
'cn=changelog' reqDn

The latter will return multiple values; your script (the one you write
yourself in shell or Perl) will extract the requisite information.

I will be running openldap on my backup
machine for two hours and I am not sure how I can see if there were
any changes made during those two hours, so that I can do the same on
my production.

So it sounds like he wants to do manually-controlled replication. The big question here is why do it manually?

Well, you could as well run the gq GUI (is what I do), which would let
you know as well as my above suggestions. Both work :)

Did I mention avoiding slurpd?


-- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/