0

We are preparing an audit script for LDAP and we have OpenLDAP.

The auditlog has a timestamp when adding a new member or modifying a member.

The audit.ldif is as follows:

# add 144294514 dc=com,cn=admin IP=...
dn:..
modifyTimestamp: 20150922180548Z
# end add 1442945148

# modify 1442945124 dc=com,cn=admin IP=...
...
-
replace: modifyTimestamp
modifyTimestamp: 20150922180524Z
-
# end modify 1442945124

# delete 1442945148 dc=com,cn=admin IP=...
dn: ...
changetype: delete
# end delete 1442945148

Here we have a timestamp for both add and modify. However, there is no timestamp for delete.

I couldn't find any useful information on how to enable a timestamp for the LDAP auditing delete operation.

Is there a way to log the delete timestamp in the audit log?

The audit report is expected to show user actions on a daily basis and a timestamp is mandatory.

Thanks, Mathew Liju

Liju Mathew

1 Answer

3

There are timestamps in your log.

The "modifyTimestamp:" is NOT what you should be searching for; this is just the attribute that is set in LDAP, on the entry.

Your auditlog uses UNIX timestamps: https://en.wikipedia.org/wiki/Unix_time

Look at the

# delete TIMESTAMP dc=com,cn=admin IP=...
..
# end delete TIMESTAMP

That translates to (for my timezone)

Di 22. Sep 20:05:48 CEST 2015

On the Linux command line, use

date --date='@TIMESTAMP'

to translate those timestamps, or use an online converter.

moonhawk
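Added example, not part of the original question or answer: a small Python parser that takes the timestamp of every operation, deletes included, from the `# <op> <epoch> ...` header comment and groups the operations by UTC day for a daily report. The sample log, its DNs and the IP address are constructed, and the function names `parse_auditlog` and `daily_report` are hypothetical.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample in the layout shown in the question (DNs and IP are made up).
SAMPLE = """\
# add 1442945148 dc=example,dc=com cn=admin,dc=example,dc=com IP=192.0.2.10:51234
dn: uid=alice,ou=people,dc=example,dc=com
changetype: add
modifyTimestamp: 20150922180548Z
# end add 1442945148

# delete 1442945148 dc=example,dc=com cn=admin,dc=example,dc=com IP=192.0.2.10:51234
dn: uid=bob,ou=people,dc=example,dc=com
changetype: delete
# end delete 1442945148
"""

# Opening comment of a record: "# <op> <unix epoch> <rest>"; "# end ..." is excluded.
HEADER = re.compile(r"^# (?!end )(\w+) (\d+) (.*)$")

def parse_auditlog(text):
    """Return one record per operation, timestamped from the header comment."""
    records, current = [], None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            op, epoch, who = m.groups()
            when = datetime.fromtimestamp(int(epoch), tz=timezone.utc)
            current = {"op": op, "when": when, "who": who, "dn": None}
        elif current and line.startswith("dn: "):
            current["dn"] = line[4:]
        elif current and line.startswith("# end "):
            records.append(current)  # only complete records are reported
            current = None
    return records

def daily_report(records):
    """Group operations by UTC calendar day: {day: [(time, op, dn), ...]}."""
    days = defaultdict(list)
    for r in records:
        entry = (r["when"].strftime("%H:%M:%SZ"), r["op"], r["dn"])
        days[r["when"].date().isoformat()].append(entry)
    return dict(days)

if __name__ == "__main__":
    for day, ops in daily_report(parse_auditlog(SAMPLE)).items():
        print(day, ops)
```

The header epoch is converted in UTC so the report does not depend on the timezone of the machine running it; entries whose DN is base64-encoded (`dn:: `) are not decoded by this sketch.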