To handle this issue, you need to get openldap internal fields by adding a + sign at the end of search query like so:
$ ldapsearch -h localhost -w 'admin' -x -D "cn=admin,dc=example,dc=org" -b "DC=example,DC=org" +And in python code it would like this:
r = l.search_ext("dc=example,dc=org", ldap.SCOPE_SUBTREE, "objectClass=*", ["+",], 0)Then it returns internal fields which are important like modifyTimestamp.
Or if you want to get all internal fields and user attributes in one request, just add '*' '+' like this:
r = l.search_ext("dc=example,dc=org", ldap.SCOPE_SUBTREE, "objectClass=*", ["*", "+"], 0)If you want to get last changed user after a specific date, try to add modifyTimestamp on query like this:
ldapsearch -h localhost -w 'admin' -x -D "cn=admin,dc=example,dc=org" -b "DC=example,DC=org" "modifyTimestamp>=20171012152507ZTo get more info about history, try to enable overlay accesslog in your ldap and use it:
$ ldapsearch -x -b cn=accesslogResources:
- Active directory
whenChangedfield: https://msdn.microsoft.com/en-us/library/ms680921(v=vs.85).aspx - Open ldap
modifyTimestampfield: https://tools.ietf.org/html/rfc4512 - Open ldap all default attributes: http://www.phpldaptools.com/reference/Default-Schema-Attributes/
- Active Directory all default attributes: https://msdn.microsoft.com/en-us/library/ms675090(v=vs.85).aspx
- https://www.ibm.com/support/knowledgecenter/en/SSKTMJ_9.0.1/admin/conf_usingldapsearchtoreturnoperationalattributes_t.html
- Internal attributs: https://mail.python.org/pipermail/python-ldap/2009q3/002593.html
- Access log: http://www.openldap.org/doc/admin24/overlays.html#Access%20Logging
- How to check the login history of users on openldap: https://www.openldap.org/lists/openldap-technical/201505/msg00117.html