Antw: Transform accesslog database to LDIF for ldapmodify or other way

["Ulrich Windl" <Ulrich.Windl@rz.uni-regensburg.de>]

>>> Michael Wandel <m.wandel@t-online.de> schrieb am 02.02.2017 um 17:32 in
Nachricht <84658c11-b467-f162-93cc-4e6cafc19ef9@t-online.de>:
> Hey,
> 
> I'm searching for a tool which is able to transform an accesslog
> Database to an ldif file, what can be used for ldapmodify.

I think it's possible, and I did something like that. Mostly to recover from my mistakes, and for documentation purposes. It's not trivial, however. My LDIF output for a change looks like this:

### 20170102084415.000003Z uid=user,ou=people,dc=domain,dc=org
## auditModify(modify)[83466,cn=Admin,dc=domain,dc=org]
## {0}{1.3.6.1.4.1.4203.666.5.12 criticality TRUE}:
#< entryCSN: 20161220083510.859974Z#000000#001#000000
#< modifiersName: cn=Admin,dc=domain,dc=org
#< modifyTimestamp: 20161220083510Z
#= modifiersName: cn=Admin,dc=domain,dc=org

dn: uid=user,ou=people,dc=domain,dc=org
changetype: modify
replace: entryCSN
entryCSN: 20170102084415.765596Z#000000#001#000000
-
replace: modifyTimestamp
modifyTimestamp: 20170102084415Z
-
add: pwdFailureTime
pwdFailureTime: 20170102084415Z

(Those "<" are previous values and "=" are unchanged values)

Note that the LDIF is forward (for re-applying) the changes. My program also has an option to produce a "backward LDIF" to create the corresponding "undo". Also note that not all attributes presented in my LDIF can be changed vie LDIF.

> 
> Or is there an alternative way to use the accesslog to rebuild an ldap
> database from a backup time to actual ?
> 
> Every hint is welcome

Regards,
Ulrich

> 
> best regards
> 
> Michael