15.22. Using the Retro Changelog Plug-in
changeLogEntryand can include the attributes listed in Table 15.1, “Attributes of a Retro Changelog Entry”.
Table 15.1. Attributes of a Retro Changelog Entry
|changeNumber||This single-valued attribute is always present. It contains an integer which uniquely identifies each change. This number is related to the order in which the change occurred. The higher the number, the later the change.|
|targetDN|| This attribute contains the DN of the entry that was affected by the LDAP operation. In the case of a |
|changetype|| Specifies the type of LDAP operation. This attribute can have a value of add, delete, modify, or |
|changes||For add and modify operations, contains the changes made to the entry in LDIF format.|
|newrdn|| In the case of |
|deleteoldrdn|| In the case of |
|newSuperior|| In the case of |
15.22.1. Enabling the Retro Changelog Plug-in
cn=Retro Changelog Plugin,cn=plugins,cn=configentry in
dse.ldif. To enable the retro changelog plug-in from the command line:
- Create an LDIF file that contains the following LDIF update statements:
dn: cn=Retro Changelog Plugin,cn=plugins,cn=config changetype: modify replace: nsslapd-pluginEnabled nsslapd-pluginEnabled: on
- Use the
ldapmodifycommand to import the LDIF file into the directory.
# ldapmodify -D "cn=Directory Manager" -W -p 389 -h server.example.com -x -f retro.ldif
- Restart the server.For information on restarting the server, see Section 1.4, “Starting and Stopping a Directory Server Instance”.
15.22.2. Trimming the Retro Changelog
nsslapd-changelogmaxageparameter and the next trim interval, set in
nsslapd-changelog-trim-interval, is executed.
# ldapmodify -D "cn=Directory Manager" -W -p 389 -h server.example.com -x dn: cn=Retro Changelog Plugin,cn=plugins,cn=config changetype: modify replace: nsslapd-changelogmaxage nsslapd-changelogmaxage: 2d
15.22.3. Searching and Modifying the Retro Changelog
15.22.4. Retro Changelog and the Access Control Policy
- Read, search, and compare rights are granted to all authenticated users (
userdn=anyone, not to be confused with anonymous access where
userdn=all) to the retro changelog top entry
- Write and delete access are not granted, except implicitly to the Directory Manager.
aciattribute of the