[Freeipa-devel] Storing/Looking up the creation time of a type
Alexander Bokovoy
abokovoy at redhat.com
Thu Jul 24 05:40:45 UTC 2014
On Thu, 24 Jul 2014, James wrote:
>Hi devel,
>
>It would be particularly useful if each FreeIPA entry (eg: user, host,
>service, etc...) had creation and last modified timestamps. Do these
>fields already exist, and if they do, how can I access them?
>
>If they do not, I would like to propose these as a feature request.
These are called operational attributes and are available already, look
at RFC 2251. 389-ds implements some more, check
http://directory.fedoraproject.org/wiki/Howto:OperationalAttributes for
details.
$ ldapsearch -Y GSSAPI uid=admin modifyTimestamp createTimestamp
SASL/GSSAPI authentication started
SASL username: admin at T.VDA.LI
SASL SSF: 56
SASL data security layer installed.
# extended LDIF
#
# LDAPv3
# base <dc=t,dc=vda,dc=li> (default) with scope subtree
# filter: uid=admin
# requesting: modifyTimestamp createTimestamp
#
# admin, users, compat, t.vda.li
dn: uid=admin,cn=users,cn=compat,dc=t,dc=vda,dc=li
modifyTimestamp: 20140722091651Z
createTimestamp: 20140722091651Z
# admin, users, accounts, t.vda.li
dn: uid=admin,cn=users,cn=accounts,dc=t,dc=vda,dc=li
modifyTimestamp: 20140724053745Z
createTimestamp: 20140722091018Z
# search result
search: 4
result: 0 Success
# numResponses: 3
# numEntries: 2
Note that operational attributes modifyTimestamp and createTimestamp for
compat tree differ from the main tree due to the way of working of
slapi-nis plugin. If you stick to the main tree, you should be fine.
--
/ Alexander Bokovoy
More information about the Freeipa-devel
mailing list