On Thu, 24 Jul 2014, James wrote:
Hi devel,
It would be particularly useful if each FreeIPA entry (eg: user, host,
service, etc...) had creation and last modified timestamps. Do these
fields already exist, and if they do, how can I access them?
If they do not, I would like to propose these as a feature request.
These are called operational attributes and are available already, look
at RFC 2251. 389-ds implements some more, check
http://directory.fedoraproject.org/wiki/Howto:OperationalAttributes for
details.
$ ldapsearch -Y GSSAPI uid=admin modifyTimestamp createTimestamp
SASL/GSSAPI authentication started
SASL username: [email protected]
SASL SSF: 56
SASL data security layer installed.
# extended LDIF
#
# LDAPv3
# base <dc=t,dc=vda,dc=li> (default) with scope subtree
# filter: uid=admin
# requesting: modifyTimestamp createTimestamp
#
# admin, users, compat, t.vda.li
dn: uid=admin,cn=users,cn=compat,dc=t,dc=vda,dc=li
modifyTimestamp: 20140722091651Z
createTimestamp: 20140722091651Z
# admin, users, accounts, t.vda.li
dn: uid=admin,cn=users,cn=accounts,dc=t,dc=vda,dc=li
modifyTimestamp: 20140724053745Z
createTimestamp: 20140722091018Z
# search result
search: 4
result: 0 Success
# numResponses: 3
# numEntries: 2
Note that operational attributes modifyTimestamp and createTimestamp for
compat tree differ from the main tree due to the way of working of
slapi-nis plugin. If you stick to the main tree, you should be fine.
--
/ Alexander Bokovoy
_______________________________________________
Freeipa-devel mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-devel
