On Thu, 2014-07-24 at 08:40 +0300, Alexander Bokovoy wrote:
> On Thu, 24 Jul 2014, James wrote:
> >Hi devel,
> >
> >It would be particularly useful if each FreeIPA entry (eg: user, host,
> >service, etc...) had creation and last modified timestamps. Do these
> >fields already exist, and if they do, how can I access them?
> >
> >If they do not, I would like to propose these as a feature request.
> These are called operational attributes and are available already, look
> at RFC 2251.
>  389-ds implements some more, check
> http://directory.fedoraproject.org/wiki/Howto:OperationalAttributes for
> details.

As usual ab, your responses are always particularly helpful. Thanks!!

> 
> $  ldapsearch -Y GSSAPI uid=admin modifyTimestamp createTimestamp
> SASL/GSSAPI authentication started
> SASL username: ad...@t.vda.li
> SASL SSF: 56
> SASL data security layer installed.
> # extended LDIF
> #
> # LDAPv3
> # base <dc=t,dc=vda,dc=li> (default) with scope subtree
> # filter: uid=admin
> # requesting: modifyTimestamp createTimestamp 
> #
> 
> # admin, users, compat, t.vda.li
> dn: uid=admin,cn=users,cn=compat,dc=t,dc=vda,dc=li
> modifyTimestamp: 20140722091651Z
> createTimestamp: 20140722091651Z
> 
> # admin, users, accounts, t.vda.li
> dn: uid=admin,cn=users,cn=accounts,dc=t,dc=vda,dc=li
> modifyTimestamp: 20140724053745Z
> createTimestamp: 20140722091018Z
> 
> # search result
> search: 4
> result: 0 Success
> 
> # numResponses: 3
> # numEntries: 2

Will the modify and create timestamps be the same from replica to
replica for the same item? I'm hoping they are, however if they aren't,
are there any recommended practices to ensure consistency across
queries?

> 
> 
> Note that operational attributes modifyTimestamp and createTimestamp for
> compat tree differ from the main tree due to the way of working of
> slapi-nis plugin. If you stick to the main tree, you should be fine.
Do you think you could briefly elaborate what the difference is and/or
how to avoid the compat tree?

> 
> 
> 
Thanks again,
James


Attachment: signature.asc
Description: This is a digitally signed message part

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to