[Date Prev][Date Next]
Re: Fwd: ldapsearch using entryCSN
> I'm trying to search entries in an OpenLDAP (v2.4.7) directory using their
> last modification date as a criteria.
> Digging in the schemas, I couldn't
> find an attribute that contained such a value. The only thing I found was
> the internal attribute "entryCSN" used by OpenLDAP to manage
> I tried to do several ldapsearch queries, but I couldn't manage to obtain
> decent result.
> Using "(&(objectClass=groupOfUniqueNames))"
> => I get every group of the directory. I can see that lots of them were
> modified in 2009
> Related problem :
> Using "(&(objectClass=groupOfUniqueNames)(entryCSN<=20091224))"
> => The slapd2.4 process stops without returning anything.
> Using "(&(objectClass=groupOfUniqueNames)(entryCSN <= 20091224))"
> (The same query with spaces)
> => I don?t get any result. Shouldn't I retrieve the entries modified
> 2010/12/24 ?
> Using "(&(objectClass=groupOfUniqueNames)(entryCSN >= 20091224))"
> => I don?t get any result. Shouldn't I retrieve the entries modified after
> 2010/12/24 ?
> - Does anyone know how to filter entries using their entryCSN?
> - Btw, is it even possible?
It is; it uses the csnOrderingMatch rule. However, to use that rule, you
need to provide a valid CSN assertion value, and yours isn't. A CSN is
See <http://www.openldap.org/faq/data/cache/1145.html> for a description
of the syntax. Your search would be
You can specifically select modifications related to a single server by
using the CSNSIDMatch rule, e.g.
only evaluates entryCSN whose SID is 002 (the SID portion is not evaluated
in the CSNOrderingMatch rule).