PingDirectory

Monitoring soft deletes

The server provides monitoring entries and logs to track all soft delete operations. The access and debug logs do not have any options specific to soft deletes.

New monitor entries

Two new monitor entries are present for a backend monitor entry.

Administrators see the following additional monitor entries on cn=userRoot Backend,cn=monitor:

ds-soft-delete-entry-operations-count

Displays the number of soft deletes performed on the backend since server startup.

ds-undelete-operations-count

Displays the number of undeletes performed on the backend since server startup.

ds-backend-soft-deleted-entry-count

Displays the current number of soft-deleted entries in the database.

ds-auto-purged-soft-deleted-entry-count

Displays the current number of soft-deleted entries purged since the backend or server was restarted.

Access logs

The access log records the LDAP operations corresponding to soft delete and undelete for DELETE, SEARCH, MODIFY, and ADD operations with the related soft-deleted values.

The access log does not require any configuration for soft delete.

DELETE (soft-delete) operations

The access log displays the following.

[14/May/2012:09:40:16.942 -0500] DELETE RESULT conn=18 op=1 msgID=2 dn="uid=user.1,ou=People,dc=example,dc=com" resultCode=0 etime=30.367 softDeleteEntryDN="entryUUID=4e9b7847-edcb-3791-b11b-7505f4a55af4+uid=user.1,ou=People,dc=example,dc=com"

SEARCH operations for soft-deleted entries

The access log displays the following.

[14/May/2012:09:40:52.320 -0500] SEARCH RESULT conn=19 op=1 msgID=2 base="dc=example,dc=com" scope=2 filter="(objectclass=ds-soft-delete-entry)" attrs="ALL" resultCode=0 etime=1.631 entriesReturned=1

MODIFY operations of soft-deleted entries

The access log displays the following.

[14/May/2012:09:42:43.679 -0500] MODIFY RESULT conn=20 op=1 msgID=1 dn="entryUUID=4e9b7847-edcb-3791-b11b-7505f4a55af4+uid=user.1,ou=People,dc=example,dc=com" resultCode=0 etime=2.639 changeToSoftDeletedEntry=true

ADD (soft-undelete) operations

The access log displays the following.

[14/May/2012:09:58:16.728 -0500] ADD RESULT conn=25 op=1 msgID=1 dn="uid=user.0,ou=People,dc=example,dc=com" resultCode=0 etime=22.700 undeleteFromDN="entryUUID=ad55a34a-763f-358f-93f9-da86f9ecd9e4+uid=user.0,ou=People,dc=example,dc=com"
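
The four access log markers described in this section can be pulled out of a log with a small parser. The following is an added example, not PingDirectory code: it assumes one RESULT record per line in the layout shown above, and the function names and the extra ordinary DELETE record are constructed for illustration.

```python
import re

# Constructed sample: the four records shown above (one record per line) plus
# one ordinary DELETE, added for this example, that must not be reported.
SAMPLE_LOG = '''\
[14/May/2012:09:40:16.942 -0500] DELETE RESULT conn=18 op=1 msgID=2 dn="uid=user.1,ou=People,dc=example,dc=com" resultCode=0 etime=30.367 softDeleteEntryDN="entryUUID=4e9b7847-edcb-3791-b11b-7505f4a55af4+uid=user.1,ou=People,dc=example,dc=com"
[14/May/2012:09:40:52.320 -0500] SEARCH RESULT conn=19 op=1 msgID=2 base="dc=example,dc=com" scope=2 filter="(objectclass=ds-soft-delete-entry)" attrs="ALL" resultCode=0 etime=1.631 entriesReturned=1
[14/May/2012:09:42:43.679 -0500] MODIFY RESULT conn=20 op=1 msgID=1 dn="entryUUID=4e9b7847-edcb-3791-b11b-7505f4a55af4+uid=user.1,ou=People,dc=example,dc=com" resultCode=0 etime=2.639 changeToSoftDeletedEntry=true
[14/May/2012:09:45:00.000 -0500] DELETE RESULT conn=21 op=1 msgID=2 dn="uid=user.9,ou=People,dc=example,dc=com" resultCode=0 etime=3.100
[14/May/2012:09:58:16.728 -0500] ADD RESULT conn=25 op=1 msgID=1 dn="uid=user.0,ou=People,dc=example,dc=com" resultCode=0 etime=22.700 undeleteFromDN="entryUUID=ad55a34a-763f-358f-93f9-da86f9ecd9e4+uid=user.0,ou=People,dc=example,dc=com"
'''

RECORD = re.compile(r'^\[(?P<time>[^\]]+)\] (?P<type>[A-Z]+) RESULT (?P<rest>.*)$')
# key="quoted value" or key=bare; quoted values may contain '=' and spaces.
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_record(line):
    """Return a dict of fields for one RESULT line, or None for anything else."""
    m = RECORD.match(line.strip())
    if not m:
        return None
    rec = {"time": m.group("time"), "type": m.group("type")}
    for key, quoted, bare in FIELD.findall(m.group("rest")):
        rec[key] = quoted or bare
    return rec

def classify(rec):
    """Return (kind, soft-deleted DN or search filter), or None for other records."""
    if rec["type"] == "DELETE" and "softDeleteEntryDN" in rec:
        return "soft-delete", rec["softDeleteEntryDN"]
    if rec["type"] == "ADD" and "undeleteFromDN" in rec:
        return "undelete", rec["undeleteFromDN"]
    if rec["type"] == "MODIFY" and rec.get("changeToSoftDeletedEntry") == "true":
        return "modify-soft-deleted", rec["dn"]
    if rec["type"] == "SEARCH" and "ds-soft-delete-entry" in rec.get("filter", "").lower():
        return "search-soft-deleted", rec["filter"]
    return None

def soft_delete_events(log_text):
    events = []
    for rec in filter(None, map(parse_record, log_text.splitlines())):
        hit = classify(rec)
        if hit:
            events.append({"kind": hit[0], "target": hit[1], "time": rec["time"], "conn": rec["conn"]})
    return events

if __name__ == "__main__":
    for e in soft_delete_events(SAMPLE_LOG):
        print(e["time"], "conn=" + e["conn"], e["kind"], e["target"])
```

The soft delete and the later MODIFY in the sample resolve to the same entryUUID-based DN, which is the value to correlate on when following one entry through its soft-deleted lifetime.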

Audit logs

The audit log captures any MODIFY and DELETE operations of soft-deleted entries.

These changes are recorded as fully commented-out audit log entries. The audit log does not require any configuration for soft deletes.

For any soft-deleted entry, the audit log entry displays the ds-soft-delete-entry-dn property and its soft-deleted entry distinguished name (DN).

# 14/May/2012:10:57:09.054 -0500; conn=30; op=1
# ds-soft-delete-entry-dn: entryUUID=68147342-1f61-3465-8489-3de58c532130+uid=user.2,ou=People,dc=example,dc=com
dn: uid=user.2,ou=People,dc=example,dc=com
changetype: delete

For any MODIFY changes made, the log displays the LDIF, the modifier’s name, and update time.

# 14/May/2012:10:58:33.566 -0500; conn=33; op=1
# dn: entryUUID=68147342-1f61-3465-8489-3de58c532130+uid=user.2,ou=People,dc=example,dc=com
# changetype: modify
# replace: homePhone
# homePhone: +1 003 428 0966
#-
# replace: modifiersName
# modifiersName: uid=admin,dc=example,dc=com
#-
# replace: modifyTimestamp
# modifyTimestamp: 20131010020345.546Z

For any undelete of a soft-deleted entry, the log displays the ds-undelete-from-dn attribute plus the entry unique ID, create time, and creator’s name.

# 14/May/2012:10:59:21.754 -0500; conn=34; op=1
dn: uid=user.2,ou=People,dc=example,dc=com
changetype: add
uid: user.2
ds-undelete-from-dn: entryUUID=68147342-1f61-3465-8489-3de58c532130+uid=user.2,ou=People,dc=example,dc=com
ds-entry-unique-id:: vw1jg801S7GWrTiS3UE5DA==
createTimestamp:: 20131010181148.630Z
creatorsName: uid=admin,dc=example,dc=com

For hard (permanent) deletes of a soft-deleted entry, the log displays the soft-deleted entry DN that was removed.

# 14/May/2012:11:00:14.055 -0500; conn=36; op=1
# dn: entryUUID=68147342-1f61-3465-8489-3de58c532130+uid=user.2,ou=People,dc=example,dc=com
# changetype: delete
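
Because MODIFY and hard DELETE operations on soft-deleted entries are written fully commented out, a standard LDIF reader that skips comment lines will not see them. The following added example (not PingDirectory code) classifies audit log records including the commented ones; it assumes blank-line-separated records in the layout shown above, and its function names and abridged sample are constructed for illustration.

```python
# Constructed sample: the four audit log records shown above, abridged, wrapped lines rejoined.
SAMPLE_AUDIT = """\
# 14/May/2012:10:57:09.054 -0500; conn=30; op=1
# ds-soft-delete-entry-dn: entryUUID=68147342-1f61-3465-8489-3de58c532130+uid=user.2,ou=People,dc=example,dc=com
dn: uid=user.2,ou=People,dc=example,dc=com
changetype: delete

# 14/May/2012:10:58:33.566 -0500; conn=33; op=1
# dn: entryUUID=68147342-1f61-3465-8489-3de58c532130+uid=user.2,ou=People,dc=example,dc=com
# changetype: modify
# replace: homePhone
# homePhone: +1 003 428 0966
#-

# 14/May/2012:10:59:21.754 -0500; conn=34; op=1
dn: uid=user.2,ou=People,dc=example,dc=com
changetype: add
ds-undelete-from-dn: entryUUID=68147342-1f61-3465-8489-3de58c532130+uid=user.2,ou=People,dc=example,dc=com

# 14/May/2012:11:00:14.055 -0500; conn=36; op=1
# dn: entryUUID=68147342-1f61-3465-8489-3de58c532130+uid=user.2,ou=People,dc=example,dc=com
# changetype: delete
"""

def parse_audit(text):
    # Records are separated by blank lines; the first line of each is the header comment.
    for block in text.strip().split("\n\n"):
        header, *lines = block.splitlines()
        attrs, dn_commented = {}, False
        for line in lines:
            key, sep, val = line.lstrip("# ").partition(":")
            if not sep:
                continue  # "-" separator between modifications
            attrs.setdefault(key, val.lstrip(":").strip())
            if key == "dn":
                dn_commented = line.startswith("#")
        yield header.lstrip("# ").split(";")[0], attrs, dn_commented

def classify_audit(attrs, dn_commented):
    change = attrs.get("changetype")
    if change == "add" and "ds-undelete-from-dn" in attrs:
        return "undelete"
    if dn_commented:  # change made to an entry that is already soft-deleted
        return {"modify": "modify-soft-deleted", "delete": "hard-delete-soft-deleted"}.get(change, "other")
    return "soft-delete" if change == "delete" and "ds-soft-delete-entry-dn" in attrs else "other"

def audit_events(text):
    return [(t, classify_audit(a, c), a.get("dn")) for t, a, c in parse_audit(text)]
```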

Changelog

You can configure the changelog to capture soft-delete changes to entries so that external clients, such as PingDataSync server, can access these changes.

The ds-soft-delete-entry attribute represents an entry that has been soft-deleted and is part of the source entry passed into the changelog to indicate the entry has been soft-deleted.

All soft-delete operations appear in the changelog as regular DELETE operations. When a soft delete occurs, the resulting changelog entry includes a ds-soft-delete-entry-dn operational attribute with the value of the soft-deleted entry DN. PingDataSync Server recognizes the ds-soft-delete-entry-dn attribute and does nothing with it.

The changelog backend soft-delete-entry-included-operation property determines whether MODIFY or DELETE operations of soft-deleted entries appear in the changelog. This property is disabled by default.