Rob Shepherd writes: > Is it possible to make queries to internal data, as well as directory > entry attributes?
Yes. If you want a search to return internal data for an entry, aka operational attributes, you must explicitly ask for them. As an OpenLDAP extension, asking for "+" requests all operational attributes. And remember that asking for any attribute cancels the default "*", so if you want both all operational and user attributes, ask for both "*" and "+". > I want to query when an attribute was added to the directory, without > having to make an external repository for this info, in another > database or file, or supplementary descriptive $ ldapsearch -xLLLh ldap.uio.no -b dc=uio,dc=no "(uid=hbf)" modifyTimestamp dn: uid=hbf,cn=people,dc=uio,dc=no modifyTimestamp: 20070329084312Z > Is there a backend way to make attributes expire? man slapo-dds and (for passwords) slapo-ppolicy. -- Regards, Hallvard
