AIUI, the LDAP servers don't provide any useful history of changes. So the only way to record changes is to record snapshots and detect differences between them.
At the moment Whimsy creates snapshots every 15mins or so, and logs the diffs in an e-mail. However it's not particularly easy to work out which LDAP group is involved unless the addition happens to be near the start or end of a group which then appears in the diff output. One solution would be to compare the JSON trees and log the diffs with more context. However it would still be tricky to reconstruct a specific snapshot. So I'm wondering whether it would make sense to store the snapshots in an SVN or Git repo? This would automatically keep track of changes, and one could use the SCM tools to show the diff in context. Thoughts?
