Re: [Freeipa-devel] Storing/Looking up the creation time of a type

[James]

On Thu, 2014-07-24 at 08:40 +0300, Alexander Bokovoy wrote:
> On Thu, 24 Jul 2014, James wrote:
> >Hi devel,
> >
> >It would be particularly useful if each FreeIPA entry (eg: user, host,
> >service, etc...) had creation and last modified timestamps. Do these
> >fields already exist, and if they do, how can I access them?
> >
> >If they do not, I would like to propose these as a feature request.
> These are called operational attributes and are available already, look
> at RFC 2251.
>  389-ds implements some more, check
> http://directory.fedoraproject.org/wiki/Howto:OperationalAttributes for
> details.

As usual ab, your responses are always particularly helpful. Thanks!!

> 
> $  ldapsearch -Y GSSAPI uid=admin modifyTimestamp createTimestamp
> SASL/GSSAPI authentication started
> SASL username: ad...@t.vda.li
> SASL SSF: 56
> SASL data security layer installed.
> # extended LDIF
> #
> # LDAPv3
> # base  (default) with scope subtree
> # filter: uid=admin
> # requesting: modifyTimestamp createTimestamp 
> #
> 
> # admin, users, compat, t.vda.li
> dn: uid=admin,cn=users,cn=compat,dc=t,dc=vda,dc=li
> modifyTimestamp: 20140722091651Z
> createTimestamp: 20140722091651Z
> 
> # admin, users, accounts, t.vda.li
> dn: uid=admin,cn=users,cn=accounts,dc=t,dc=vda,dc=li
> modifyTimestamp: 20140724053745Z
> createTimestamp: 20140722091018Z
> 
> # search result
> search: 4
> result: 0 Success
> 
> # numResponses: 3
> # numEntries: 2

Will the modify and create timestamps be the same from replica to
replica for the same item? I'm hoping they are, however if they aren't,
are there any recommended practices to ensure consistency across
queries?

> 
> 
> Note that operational attributes modifyTimestamp and createTimestamp for
> compat tree differ from the main tree due to the way of working of
> slapi-nis plugin. If you stick to the main tree, you should be fine.
Do you think you could briefly elaborate what the difference is and/or
how to avoid the compat tree?

> 
> 
> 
Thanks again,
James




signature.asc
Description: This is a digitally signed message part
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] Storing/Looking up the creation time of a type

[Alexander Bokovoy]

On Thu, 24 Jul 2014, James wrote:

Hi devel,

It would be particularly useful if each FreeIPA entry (eg: user, host,
service, etc...) had creation and last modified timestamps. Do these
fields already exist, and if they do, how can I access them?

If they do not, I would like to propose these as a feature request.

These are called operational attributes and are available already, look
at RFC 2251. 389-ds implements some more, check
http://directory.fedoraproject.org/wiki/Howto:OperationalAttributes for
details.

$  ldapsearch -Y GSSAPI uid=admin modifyTimestamp createTimestamp
SASL/GSSAPI authentication started
SASL username: ad...@t.vda.li
SASL SSF: 56
SASL data security layer installed.
# extended LDIF
#
# LDAPv3
# base  (default) with scope subtree
# filter: uid=admin
# requesting: modifyTimestamp createTimestamp 
#


# admin, users, compat, t.vda.li
dn: uid=admin,cn=users,cn=compat,dc=t,dc=vda,dc=li
modifyTimestamp: 20140722091651Z
createTimestamp: 20140722091651Z

# admin, users, accounts, t.vda.li
dn: uid=admin,cn=users,cn=accounts,dc=t,dc=vda,dc=li
modifyTimestamp: 20140724053745Z
createTimestamp: 20140722091018Z

# search result
search: 4
result: 0 Success

# numResponses: 3
# numEntries: 2


Note that operational attributes modifyTimestamp and createTimestamp for
compat tree differ from the main tree due to the way of working of
slapi-nis plugin. If you stick to the main tree, you should be fine.



--
/ Alexander Bokovoy

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel