[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Antw: Transform accesslog database to LDIF for ldapmodify or other way

To: <openldap-technical@openldap.org>, "m.wandel@t-online.de" <m.wandel@t-online.de>
Subject: Re: Antw: Transform accesslog database to LDIF for ldapmodify or other way
From: "Ulrich Windl" <Ulrich.Windl@rz.uni-regensburg.de>
Date: Wed, 08 Feb 2017 08:10:12 +0100
Content-disposition: inline
In-reply-to: <ba56f41c-ca52-0f29-4b64-2f068b27bca8@t-online.de>
References: <84658c11-b467-f162-93cc-4e6cafc19ef9@t-online.de> <589843B6020000A1000243BF@gwsmtp1.uni-regensburg.de> <ba56f41c-ca52-0f29-4b64-2f068b27bca8@t-online.de>

>>> Michael Wandel <m.wandel@t-online.de> schrieb am 07.02.2017 um 17:25 in
Nachricht <ba56f41c-ca52-0f29-4b64-2f068b27bca8@t-online.de>:
> On 06.02.2017 09:36, Ulrich Windl wrote:
>>>>> Michael Wandel <m.wandel@t-online.de> schrieb am 02.02.2017 um 17:32 in
>> Nachricht <84658c11-b467-f162-93cc-4e6cafc19ef9@t-online.de>:
>>> Hey,
>>>
>>> I'm searching for a tool which is able to transform an accesslog
>>> Database to an ldif file, what can be used for ldapmodify.
>> 
>> I think it's possible, and I did something like that. Mostly to recover
from 
> my mistakes, and for documentation purposes. It's not trivial, however. My 
> LDIF output for a change looks like this:
>> 
>> ### 20170102084415.000003Z uid=user,ou=people,dc=domain,dc=org
>> ## auditModify(modify)[83466,cn=Admin,dc=domain,dc=org]
>> ## {0}{1.3.6.1.4.1.4203.666.5.12 criticality TRUE}:
>> #< entryCSN: 20161220083510.859974Z#000000#001#000000
>> #< modifiersName: cn=Admin,dc=domain,dc=org
>> #< modifyTimestamp: 20161220083510Z
>> #= modifiersName: cn=Admin,dc=domain,dc=org
>> 
>> dn: uid=user,ou=people,dc=domain,dc=org
>> changetype: modify
>> replace: entryCSN
>> entryCSN: 20170102084415.765596Z#000000#001#000000
>> -
>> replace: modifyTimestamp
>> modifyTimestamp: 20170102084415Z
>> -
>> add: pwdFailureTime
>> pwdFailureTime: 20170102084415Z
>> 
>> (Those "<" are previous values and "=" are unchanged values)
>> 
>> Note that the LDIF is forward (for re-applying) the changes. My program
also 
> has an option to produce a "backward LDIF" to create the corresponding 
> "undo". Also note that not all attributes presented in my LDIF can be
changed 
> vie LDIF.
>> 
> 
> Nice to hear about, where can i find these tool, is there a download link
??

Sorry, it's an in-house development. But any talented programmer can write
what you need within a few days.
Quanah Gibson-Mount <quanah@symas.com> has published a simple version you
could use also.

Regards,
Ulrich


> 
> best regards
> 
> Michael
> 
> 
>>>
>>> Or is there an alternative way to use the accesslog to rebuild an ldap
>>> database from a backup time to actual ?
>>>
>>> Every hint is welcome
>> 
>> Regards,
>> Ulrich
>> 
>>>
>>> best regards
>>>
>>> Michael
>> 
>> 
>> 
>> 
>> 
> 
> 
> -- 
> Michael Wandel
> Braakstraße 43
> 33647 Bielefeld

Follow-Ups:
- Re: Antw: Transform accesslog database to LDIF for ldapmodify or other way
  - From: Michael Wandel <m.wandel@t-online.de>

References:
- Transform accesslog database to LDIF for ldapmodify or other way
  - From: Michael Wandel <m.wandel@t-online.de>
- Antw: Transform accesslog database to LDIF for ldapmodify or other way
  - From: "Ulrich Windl" <Ulrich.Windl@rz.uni-regensburg.de>
- Re: Antw: Transform accesslog database to LDIF for ldapmodify or other way
  - From: Michael Wandel <m.wandel@t-online.de>

Prev by Date: Re: help troubleshooting
Next by Date: Re: Antw: Transform accesslog database to LDIF for ldapmodify or other way
Index(es):
- Chronological
- Thread