[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Fwd: ldapsearch using entryCSN

> Hi,
> I'm trying to search entries in an OpenLDAP (v2.4.7) directory using their
> last modification date as a criteria.


> Digging in the schemas, I couldn't
> find an attribute that contained such a value. The only thing I found was
> the internal attribute "entryCSN" used by OpenLDAP to manage
> synchronization.
> I tried to do several ldapsearch queries, but I couldn't manage to obtain
> a
> decent result.
> Using "(&(objectClass=groupOfUniqueNames))"
> => I get every group of the directory. I can see that lots of them were
> modified in 2009
> Related problem :
> Using "(&(objectClass=groupOfUniqueNames)(entryCSN<=20091224))"
> => The slapd2.4 process stops without returning anything.
> Using "(&(objectClass=groupOfUniqueNames)(entryCSN <= 20091224))"
> (The same query with spaces)
> => I don?t get any result. Shouldn't I retrieve the entries modified
> before
> 2010/12/24 ?
> Using "(&(objectClass=groupOfUniqueNames)(entryCSN >= 20091224))"
> => I don?t get any result. Shouldn't I retrieve the entries modified after
> 2010/12/24 ?
> - Does anyone know how to filter entries using their entryCSN?
> - Btw, is it even possible?

It is; it uses the csnOrderingMatch rule.  However, to use that rule, you
need to provide a valid CSN assertion value, and yours isn't.  A CSN is
something like


See <http://www.openldap.org/faq/data/cache/1145.html> for a description
of the syntax.  Your search would be


You can specifically select modifications related to a single server by
using the CSNSIDMatch rule, e.g.


only evaluates entryCSN whose SID is 002 (the SID portion is not evaluated
in the CSNOrderingMatch rule).