4.2. Tracking Entry Modifications through Operational Attributes

Using the default settings, Directory Server tracks the following operational attributes for every entry:
  • creatorsName: The distinguished name (DN) of the user who initially created the entry.
  • createTimestamp: The times stamp in Greenwich Mean Time (GMT) format when the entry was created.
  • modifiersName: The distinguished name of the user who last modified the entry.
  • modifyTimestamp: The time stamp in the GMT format for when the entry was last modified.
Note that operational attributes are not returned in default searches. You must explicitly request these attributes in queries. For details, see Section 14.5.7, “Searching for Operational Attributes”.

Important

Red Hat recommends not disabling tracking these operational attributes. If disabled, entries do not get a unique ID assigned in the nsUniqueID attribute and replication does not work.

4.2.2. How to Enable Tracking Of Modifications Using the Command Line

Modification tracking is enabled by default, and Red Hat recommends not disabling this feature. To re-enable tracking of entry modifications using the command line:
  1. Set the nsslapd-lastmod to on:
    # ldapmodify -D "cn=Directory Manager" -W -p 389 -h server.example.com -x
    
    dn: cn=config
    nsslapd-lastmod: on
  2. Optionally, to regenerate the missing nsUniqueID attributes:
    1. Export the database to an LDAP Data Interchange Format (LDIF) file. See Section 6.2.3, “Exporting a Database to LDIF Using the Command Line”.
    2. Import the database from the LDIF file. See Section 6.1.4, “Importing from the Command Line”.

4.2.3. How to Enable Tracking Of Modifications Using the Console

Modification tracking is enabled by default, and Red Hat recommends not disabling this feature. To re-enable tracking of entry modifications using the Console:
  1. Open the Directory Server Console. See Section 1.3.1, “Opening the Directory Server Console”.
  2. On the Configuration tab, select the server name.
  3. On the Settings tab, select the Track Entry Modification Times check box.
  4. Optionally, to regenerate the missing nsUniqueID attributes:
    1. Export the database to an LDAP Data Interchange Format (LDIF) file. See Section 6.2.3, “Exporting a Database to LDIF Using the Command Line”.
    2. Import the database from the LDIF file. See Section 6.1.4, “Importing from the Command Line”.