Re: access accesslog: how do I search for modifications under a subtree?

[Pierangelo Masarati <ando@sys-net.it>]

Zhang Weiwu wrote:
> Dear everyone
> 
> I use accesslog and is pretty fond of it. Recently I need to look up
> several deleted entries, who deleted them and when, who modified these
> entries before deletion. And I found it not easy.
> 
> All the clue I have is the deleted entries, before they are deleted, are
> in certain subtree. I first thought I can do a search like this:
> ldapsearch ...(accesslog db)... '(reqDn=*uid=dep1,ou=contacts,dc=example,dc=com)'

Of course DNs do not support substring match.

> Where 'uid=dep1,ou=contacts,dc=example,dc=com' is the parent node of the
> node that was deleted.
> 
> This doesn't work (always return no result). I guess one reason is
> wildcard search is not allowed in reqDn for certain reason.
> 
> The second idea is to dump while accesslog database and do some grepping
> and awking around it. But that way the whole means of using ldap
> database for accesslog is lost. The reason of using ldapdatabase for
> accesslog, rather than a plain text file, is to be able to search for
> modification records without having to do grepping and awking
> (especially grepping might be diffcult because the dn might been base64
> encoded in ldif dumped from database)
> 
> So again can someone with experience show what you would do in this
> case? 


Try

$ ldapsearch \
	'(reqDn:dnSubtreeMatch:=uid=dep1,ou=contacts,dc=example,dc=com)'

See RFC4515 for a specification of extensible filters; the
dnSubtreeMatch rule is an OpenLDAP extension, AFAIK.

p.



Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
---------------------------------------
Office:  +39 02 23998309
Mobile:  +39 333 4963172
Email:   pierangelo.masarati@sys-net.it
---------------------------------------