Sun’s Directory Server 5.x has a facility called the Retro Change Log that was intended to maintain compatibility with the 4.x versions of the directory server. Servers of the 4.x vintage are sometimes known as the Netscape Directory Server, and of course the Sun Directory Server has gone by many names. The Retro Change Log provides a list (or log if you prefer) of changes that have occurred in the Directory Server database. In lieu of a trigger mechanism for LDAP, the Retro Change Log can be used to trigger applications to take action based on changes in the Sun Directory Server database.
By default, the Retro Change Log has information about changes that occur in the Directory Server database, such as the DN that was changed and what attributes were changed, and what values were changed. The Retro Change Log also logs adds and deletes. For auditing and synchronization purposes, it is important to know which DN requested a delete, but this information is not published by default in the Retro Change Log. To cause the directory server to log the modifiersName in delete entries of the Retro Change Log, the Retro Change Log plugin configuration must be changed to publish the modifiersName in the list of attributes for deleted entries. The name of the configuration keyword is deletedEntryAttributes, and it must configured in one of the nsslapd-pluginargX entries. For example,
would cause the objectClass, cn, and modifiersName to be published in the changelog for a deleted entry.
Often, the values of deletedEntryAttrs is base-64 encoded, for example:
The changelog entry: dn: changenumber=1203982,cn=changelog objectClass: top objectClass: changelogentry targetDn: cn=test,dc=example,dc=com changeTime: 20110512153432Z changeType: delete deletedEntryAttrs:: ZGVsZXRlOiBvYmplY3RjbGFzcwpvYmplY3RjbGFzczogdG9wCm9iamVjd GNsYXNzOiBwZXJzb24KLQpkZWxldGU6IGNuCmNuOiB0ZXN0Ci0KZGVsZXRlOiBtb2RpZmllcnNuY W1lCm1vZGlmaWVyc25hbWU6IGNuPWRpcmVjdG9yeSBtYW5hZ2VyCi0KAA== changeNumber: 1203982 decode: $ base64 decode -d ZGVsZXRlOiBvYmplY3RjbGFzcwpvYmplY3RjbGFz\ czogdG9wCm9iamVjdGNsYXNzOiBwZXJzb24KLQpkZWxld\ GU6IGNuCmNuOiB0ZXN0Ci0KZGVsZXRlOiBtb2RpZmllcn\ NuYW1lCm1vZGlmaWVyc25hbWU6IGNuPWRpcmVjdG9yeSBtYW5hZ2VyCi0KAA== delete: objectclass objectclass: top objectclass: person - delete: cn cn: test - delete: modifiersname modifiersname: cn=directory manager
The base64 utility is provided in the UnboundID Directory Server distribution.