4.2. Tracking Entry Modifications through Operational Attributes

Using the default settings, Directory Server tracks the following operational attributes for every entry:
  • creatorsName: The distinguished name (DN) of the user who initially created the entry.
  • createTimestamp: The times stamp in Greenwich Mean Time (GMT) format when the entry was created.
  • modifiersName: The distinguished name of the user who last modified the entry.
  • modifyTimestamp: The time stamp in the GMT format for when the entry was last modified.
Note that operational attributes are not returned in default searches. You must explicitly request these attributes in queries. For details, see Section 14.4.7, “Searching for Operational Attributes”.


Red Hat recommends not disabling tracking these operational attributes. If disabled, entries do not get a unique ID assigned in the nsUniqueID attribute and replication does not work.

4.2.2. Enabling Tracking of Modifications

By default, Directory Server tracks modifications in operational attributes.


Red Hat recommends not disabling this feature.
This section describes how to re-enable tracking of modifications in case that you disabled the feature. Enabling Tracking Of Modifications Using the Command Line

To re-enable tracking of entry modifications using the command line:
  1. Set the nsslapd-lastmod parameter to on:
    # dsconf -D "cn=Directory Manager" ldap://server.example.com config replace nsslapd-lastmod=on
  2. Optionally, to regenerate the missing nsUniqueID attributes:
    1. Export the database into an LDAP Data Interchange Format (LDIF) file. See Section 6.2.1, “Exporting Data into an LDIF File Using the Command Line”.
    2. Import the database from the LDIF file. See Section 6.1.2, “Importing Using the Command Line”.