Ulrich Windl wrote: >>>> Quanah Gibson-Mount <[email protected]> schrieb am 12.10.2019 um 00:59 in > Nachricht <9CEEEE149A9041259AA8E765@[192.168.1.144]>: > >> >> ‑‑On Wednesday, October 9, 2019 3:58 PM +0000 Michael Starling >> <[email protected]> wrote: >> >>> >>> Is there any OpenLDAP control equivalent to the Microsoft's >> >>> LDAP_SERVER_SHOW_DELETED_OID = "1.2.840.113556.1.4.417" ? >>> >>> >>> I would like to pull a list of user accounts that have been deleted along >>> with the corresponding date/time. >> >> If you delete an entry with OpenLDAP, then it is deleted. There are no >> tombstones. Generally if you want to have access to old account >> information, it's a better design to have an attribute that tracks whether >> an account is active/inactive/whatever, and then flip its bit. > > Querying accesslog (if configured) could provide such information.
One could even write an overlay that used the accesslog to emulate the functionality of the Microsoft control. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/
