[PR #1264] [CLOSED] Implement modifyTimestamp support for SSSD compatibility with creation time tracking and group membership updates #1216

Closed
opened 2026-02-27 09:11:22 +03:00 by kerem · 0 comments

📋 Pull Request Information

Original PR: https://github.com/lldap/lldap/pull/1264
Author: @Copilot
Created: 8/26/2025
Status: Closed

Base: main ← Head: copilot/fix-898


📝 Commits (10+)

  • df49d82 Initial plan
  • a90695a Implement core modifyTimestamp functionality with database migration and backend support
  • f7ab6de Fix database migration default values for modify timestamps
  • 1c92ae6 Complete modifyTimestamp implementation - fix remaining test compilation errors
  • 8a8eb41 Address review feedback: remove backup file, initialize timestamps with current time, move attributes to Public schema
  • b8b48eb Set modification timestamps for new users and groups during creation
  • 233262e Fix tests and formatting for modifyTimestamp implementation
  • 7e64e06 Fix clippy collapsible-if warnings in LDAP search code
  • edf22af Update user modification time when changing password
  • e2d9d47 Update group modification time when adding or removing users from groups

📊 Changes

22 files changed (+340 additions, -40 deletions)


📝 Cargo.lock (+1 -0)
📝 app/src/infra/attributes.rs (+17 -2)
📝 crates/domain-model/src/model/groups.rs (+3 -0)
📝 crates/domain-model/src/model/users.rs (+8 -0)
📝 crates/domain/src/public_schema.rs (+27 -0)
📝 crates/domain/src/types.rs (+6 -0)
📝 crates/graphql-server/Cargo.toml (+15 -11)
📝 crates/graphql-server/src/query.rs (+48 -0)
📝 crates/ldap/src/compare.rs (+2 -0)
📝 crates/ldap/src/core/group.rs (+10 -0)
📝 crates/ldap/src/core/user.rs (+12 -0)
📝 crates/ldap/src/core/utils.rs (+10 -4)
📝 crates/ldap/src/delete.rs (+2 -0)
📝 crates/ldap/src/handler.rs (+1 -0)
📝 crates/ldap/src/modify.rs (+1 -0)
📝 crates/ldap/src/password.rs (+2 -0)
📝 crates/ldap/src/search.rs (+30 -9)
📝 crates/sql-backend-handler/src/sql_group_backend_handler.rs (+3 -0)
📝 crates/sql-backend-handler/src/sql_migrations.rs (+75 -0)
📝 crates/sql-backend-handler/src/sql_opaque_handler.rs (+3 -0)

...and 2 more files

📄 Description

This PR implements the modifyTimestamp LDAP attribute support as requested by SSSD and other LDAP clients. The implementation adds automatic timestamp tracking for user and group modifications, including proper initialization during record creation and updates for group membership changes.

Changes Made

Database Schema (Migration v11)

  • Added modified_date column to users table - tracks when user records are modified
  • Added password_modified_date column to users table - tracks when passwords are changed
  • Added modified_date column to groups table - tracks when group records are modified
  • Existing records are initialized with current timestamp for consistency
  • New records automatically get current timestamp defaults

Backend Integration

  • User modifications: modified_date is automatically updated in update_user_with_transaction()
  • Password changes: Both password_modified_date and modified_date are updated during OPAQUE password registration
  • Group modifications: modified_date is automatically updated in update_group_with_transaction()
  • User creation: modified_date and password_modified_date are set to current time during user creation
  • Group creation: modified_date is set to current time during group creation
  • Group membership changes: modified_date is updated when users are added to or removed from groups
  • All timestamp updates use chrono::Utc::now().naive_utc() for consistency

LDAP Protocol Support

  • modifyTimestamp attribute maps to modified_date for both users and groups
  • pwdChangedTime attribute maps to password_modified_date for users
  • Proper LDAP field type mapping and attribute resolution
  • Read-only attributes that cannot be modified by clients

Schema Integration

  • New timestamp fields added as hardcoded, read-only attributes in the Public schema
  • DateTime attribute type with proper formatting for frontend display
  • GraphQL API automatically exposes the new fields with proper attribute mapping
  • Attributes are defined in code rather than stored in database schema tables

Frontend Compatibility

  • Timestamp fields automatically appear in user/group details as read-only DateTime fields
  • Existing frontend code handles DateTime attributes without modification

SSSD Compatibility

SSSD and other LDAP clients can now query the modifyTimestamp attribute to determine when user or group records were last modified. Both existing records and newly created records have proper modification timestamps, ensuring complete compatibility with LDAP clients that rely on this attribute for caching and synchronization.

Password changes now update both the specific password_modified_date and the general modified_date to ensure LDAP clients that rely on modifyTimestamp for cache invalidation are properly notified of any user changes, including password updates.

Group membership changes (adding or removing users from groups) now also update the group's modification timestamp, ensuring LDAP clients receive proper cache invalidation notifications for membership modifications.

Fixes #898.




🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.
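
Added example (not part of the PR, lldap, or SSSD): how a caching LDAP client might compare a stored modifyTimestamp with the value the server now returns, as the SSSD Compatibility section describes. It assumes the attribute is served in GeneralizedTime UTC form (YYYYMMDDHHMMSS[.fraction]Z); the function names and sample values are hypothetical.

```rust
// Added example, not lldap or SSSD code. Assumes modifyTimestamp values in
// GeneralizedTime UTC form: YYYYMMDDHHMMSS[.fraction]Z.

/// Days since 1970-01-01 for a proleptic Gregorian date.
fn days_from_civil(y: i64, m: i64, d: i64) -> i64 {
    let y = if m <= 2 { y - 1 } else { y };
    let era = y.div_euclid(400);
    let yoe = y - era * 400;
    let mp = if m > 2 { m - 3 } else { m + 9 };
    let doy = (153 * mp + 2) / 5 + d - 1;
    era * 146_097 + yoe * 365 + yoe / 4 - yoe / 100 + doy - 719_468
}

/// Parse a GeneralizedTime string into Unix seconds (fraction ignored).
/// Returns None if malformed; field ranges are checked only coarsely.
fn parse_generalized_time(s: &str) -> Option<i64> {
    let body = s.strip_suffix('Z')?; // only the UTC form is accepted
    let (digits, frac) = match body.split_once('.') {
        Some((d, f)) => (d, f),
        None => (body, "0"),
    };
    let all_digits = |t: &str| !t.is_empty() && t.bytes().all(|b| b.is_ascii_digit());
    if digits.len() != 14 || !all_digits(digits) || !all_digits(frac) {
        return None;
    }
    let n = |r: std::ops::Range<usize>| digits[r].parse::<i64>().ok();
    let (y, mo, d) = (n(0..4)?, n(4..6)?, n(6..8)?);
    let (h, mi, sec) = (n(8..10)?, n(10..12)?, n(12..14)?);
    if !(1..=12).contains(&mo) || !(1..=31).contains(&d) || h > 23 || mi > 59 || sec > 60 {
        return None;
    }
    Some(days_from_civil(y, mo, d) * 86_400 + h * 3_600 + mi * 60 + sec)
}

/// True when a cached entry must be re-fetched. Any difference counts (a server
/// restored from backup can report an older time), and an unparsable value on
/// either side forces a refresh so a removed membership is not served from cache.
fn needs_refresh(cached: &str, server: &str) -> bool {
    match (parse_generalized_time(cached), parse_generalized_time(server)) {
        (Some(c), Some(s)) => c != s,
        _ => true,
    }
}

fn main() {
    // Constructed sample values: unchanged, changed, and malformed server value.
    println!("{}", needs_refresh("20250826101500Z", "20250826101500Z"));
    println!("{}", needs_refresh("20250826101500Z", "20250826113000Z"));
    println!("{}", needs_refresh("20250826101500Z", "2025-08-26T11:30:00"));
}
```
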
