I can see which updates are being handled by OpenLDAP's sync replication engine by looking at the logs it produces, but I wanted a concise view of the distinguished names (DN) of the objects being updated, if possible on-the-fly.

Net::LDAPapi implments a refreshAndPersist syncrepl consumer which I can use to watch the ADD, MODIFY and DELETE operations being handled by the slapd I'm connecting to. Here's how i do it:


use strict;
use Net::LDAPapi;

my $cookie = 'cookie.dat';

my $ld = new Net::LDAPapi('jmbp.ww.mens.de');


my $status = $ld->bind_s(-type=>LDAP_AUTH_SASL);

die "SASL-status $status: $!" if ($status);

my @attrs = ();

my $msgid = $ld->listen_for_changes('dc=mens,dc=de',

while(1) {
    while( my @entries = $ld->next_changed_entries($msgid, 0, -1) ) {
        foreach my $e (@entries) {
            printf "dn: %s %s\n",

The cookie file must exist prior to start (touch cookie.dat), and it is updated by Net::LDAPapi with the Change Sequence Number (CSN) of the last change it handled.

Running the above program shows output like this:

dn: krbPrincipalName=user@MENS.DE,cn=MENS.DE,ou=kerberos,dc=mens,dc=de present
dn: krbPrincipalName=host/hippo.ww.mens.de@MENS.DE,cn=MENS.DE,ou=kerberos,dc=mens,dc=de present
dn: cn=Demo,ou=System,dc=mens,dc=de add
dn: uid=f2,ou=Users,dc=mens,dc=de add
dn: cn=Demo,ou=System,dc=mens,dc=de delete



blog comments powered by Disqus