Logged in as guest
Viewing Contrib/6238 Full headers
Major security issue: yes no
Notes: updated in HEAD fixed in RE24 Notification:
Date: Thu, 30 Jul 2009 12:50:34 +0000 From: jonathan@phillipoux.net To: openldap-its@OpenLDAP.org Subject: contrib: lastbind overlay to record timestamp of last successful bind
Full_Name: Jonathan Clarke Version: RE24 OS: URL: ftp://ftp.openldap.org/incoming/jonathan-clarke-lastbind-20090730.tgz Submission from: (NULL) (82.67.204.30) Hi, Please find, at the above URL, an overlay, built for OpenLDAP 2.4, that intercepts successful binds and records the current timestamp in an attribute named "bindTimestamp" in the bound-to entry. It's original use-case is to detect unused accounts. A configuration parameter (olcLastBindPrecision) allows to set a minimum precision for the timestamp (ie, don't update the timestamp unless it's older than <n> seconds). This avoids a performance hit from many unnecessary writes in case there are many binds per minute/hour/day/week/etc. Of course, the behaviour this overlay implements is not described in any RFC, or other. However, it closely resembles some of the functionality from the password policy overlay, and similar functionality already exists in other LDAP servers. I post it here in the hope that it may serve others, and in case the OpenLDAP wishes to include it in one form or another. I would most appreciate any comments or feedback. Regards, Jonathan PS: please note that the OIDs used are not registered, but used temporarily. I do not currently have access to a registered OID to use.
Date: Thu, 30 Jul 2009 16:08:10 +0200 From: =?ISO-8859-1?Q?Michael_Str=F6der?= <michael@stroeder.com> To: jonathan@phillipoux.net CC: openldap-its@openldap.org Subject: Re: (ITS#6238) contrib: lastbind overlay to record timestamp of last successful bind
jonathan@phillipoux.net wrote: > Full_Name: Jonathan Clarke > Version: RE24 > OS: > URL: ftp://ftp.openldap.org/incoming/jonathan-clarke-lastbind-20090730.tgz > Submission from: (NULL) (82.67.204.30) > > Please find, at the above URL, an overlay, built for OpenLDAP 2.4, that > intercepts successful binds and records the current timestamp in an attribute > named "bindTimestamp" in the bound-to entry. It's original use-case is to detect > unused accounts. Detecting unused accounts can also somewhat achieved by using slapo-accesslog with configuration directive "logops session". Still I see some value for such an simple overlay. > A configuration parameter (olcLastBindPrecision) allows to set a minimum > precision for the timestamp (ie, don't update the timestamp unless it's older > than <n> seconds). This avoids a performance hit from many unnecessary writes in > case there are many binds per minute/hour/day/week/etc. Things to consider: Is this attribute supposed to be replicated? How about adding configuration paramters so you can specify 1. the attribute type used and 2. the datetime format. This could be handy in situations where you want to mimique the behaviour of other LDAP servers. Ciao, Michael.
Date: Fri, 10 Dec 2010 14:42:58 +0000 From: Jonathan Clarke <jonathan@phillipoux.net> To: openldap-its@openldap.org Subject: Re: (ITS#6238) contrib: lastbind overlay to record timestamp of last successful bind
On 30/07/09 13:50, jonathan@phillipoux.net wrote: > Full_Name: Jonathan Clarke > Version: RE24 > OS: > URL: ftp://ftp.openldap.org/incoming/jonathan-clarke-lastbind-20090730.tgz > Submission from: (NULL) (82.67.204.30) > > > Hi, > > Please find, at the above URL, an overlay, built for OpenLDAP 2.4, that > intercepts successful binds and records the current timestamp in an attribute > named "bindTimestamp" in the bound-to entry. It's original use-case is to detect > unused accounts. > > A configuration parameter (olcLastBindPrecision) allows to set a minimum > precision for the timestamp (ie, don't update the timestamp unless it's older > than <n> seconds). This avoids a performance hit from many unnecessary writes in > case there are many binds per minute/hour/day/week/etc. > > Of course, the behaviour this overlay implements is not described in any RFC, or > other. However, it closely resembles some of the functionality from the password > policy overlay, and similar functionality already exists in other LDAP servers. > > I post it here in the hope that it may serve others, and in case the OpenLDAP > wishes to include it in one form or another. I would most appreciate any > comments or feedback. > > Regards, > Jonathan > > PS: please note that the OIDs used are not registered, but used temporarily. I > do not currently have access to a registered OID to use. To respond to an off-list request, I'd like to add an IPR notice to this contribution: The above mentioned files are derived from OpenLDAP Software. All of the modifications to OpenLDAP Software represented in the files were developed by Jonathan Clarke <jonathan@phillipoux.net>. I have not assigned rights and/or interest in this work to any party. Hope this is the right wording... Jonathan
Subject: Re: (ITS#6238) contrib: lastbind overlay to record timestamp of last successful bind From: Kurt Zeilenga <Kurt@OpenLDAP.org> Date: Fri, 10 Dec 2010 06:53:22 -0800 Cc: openldap-its@OpenLDAP.org To: jonathan@phillipoux.net
On Dec 10, 2010, at 6:43 AM, jonathan@phillipoux.net wrote: > I'd like to add an IPR notice to this > contribution: I note that you only provide half the notice. A complete notice would = be followed by a statement of what license the contribution is provided = under. -- Kurt=
Date: Fri, 10 Dec 2010 14:55:45 +0000 From: Jonathan Clarke <jonathan@phillipoux.net> To: Kurt Zeilenga <Kurt@OpenLDAP.org> CC: openldap-its@OpenLDAP.org Subject: Re: (ITS#6238) contrib: lastbind overlay to record timestamp of last successful bind
On 10/12/10 14:53, Kurt Zeilenga wrote: > > On Dec 10, 2010, at 6:43 AM, jonathan@phillipoux.net wrote: > >> I'd like to add an IPR notice to this >> contribution: > > I note that you only provide half the notice. A complete notice would be followed by a statement of what license the contribution is provided under. Ah, the licence is included in the files, but I repeat it here for clarity: * Copyright 2009 Jonathan Clarke <jonathan@phillipoux.net>. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted only as authorized by the OpenLDAP * Public License. * * A copy of this license is available in the file LICENSE in the * top-level directory of the distribution or, alternatively, at * <http://www.OpenLDAP.org/license.html>. Jonathan
Date: Fri, 10 Dec 2010 09:14:27 -0800 From: Howard Chu <hyc@symas.com> To: jonathan@phillipoux.net CC: openldap-its@openldap.org Subject: Re: (ITS#6238) contrib: lastbind overlay to record timestamp of last successful bind
jonathan@phillipoux.net wrote: > On 30/07/09 13:50, jonathan@phillipoux.net wrote: >> Full_Name: Jonathan Clarke >> Version: RE24 >> OS: >> URL: ftp://ftp.openldap.org/incoming/jonathan-clarke-lastbind-20090730.tgz >> Submission from: (NULL) (82.67.204.30) >> >> >> Hi, >> >> Please find, at the above URL, an overlay, built for OpenLDAP 2.4, that >> intercepts successful binds and records the current timestamp in an attribute >> named "bindTimestamp" in the bound-to entry. It's original use-case is to detect >> unused accounts. >> >> A configuration parameter (olcLastBindPrecision) allows to set a minimum >> precision for the timestamp (ie, don't update the timestamp unless it's older >> than<n> seconds). This avoids a performance hit from many unnecessary writes in >> case there are many binds per minute/hour/day/week/etc. >> >> Of course, the behaviour this overlay implements is not described in any RFC, or >> other. However, it closely resembles some of the functionality from the password >> policy overlay, and similar functionality already exists in other LDAP servers. There is an equivalent attribute defined in the latest ppolicy draft. Perhaps you could use that. Or just submit a patch to incorporate this feature into the current ppoloicy overlay. >> >> I post it here in the hope that it may serve others, and in case the OpenLDAP >> wishes to include it in one form or another. I would most appreciate any >> comments or feedback. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/
Date: Fri, 10 Dec 2010 18:37:23 +0000 From: Jonathan Clarke <jonathan@phillipoux.net> To: Howard Chu <hyc@symas.com> CC: openldap-its@openldap.org Subject: Re: (ITS#6238) contrib: lastbind overlay to record timestamp of last successful bind
On 10/12/10 17:14, Howard Chu wrote: > jonathan@phillipoux.net wrote: >> On 30/07/09 13:50, jonathan@phillipoux.net wrote: >>> Full_Name: Jonathan Clarke >>> Version: RE24 >>> OS: >>> URL: >>> ftp://ftp.openldap.org/incoming/jonathan-clarke-lastbind-20090730.tgz >>> Submission from: (NULL) (82.67.204.30) >>> >>> >>> Hi, >>> >>> Please find, at the above URL, an overlay, built for OpenLDAP 2.4, that >>> intercepts successful binds and records the current timestamp in an >>> attribute >>> named "bindTimestamp" in the bound-to entry. It's original use-case >>> is to detect >>> unused accounts. >>> >>> A configuration parameter (olcLastBindPrecision) allows to set a minimum >>> precision for the timestamp (ie, don't update the timestamp unless >>> it's older >>> than<n> seconds). This avoids a performance hit from many >>> unnecessary writes in >>> case there are many binds per minute/hour/day/week/etc. >>> >>> Of course, the behaviour this overlay implements is not described in >>> any RFC, or >>> other. However, it closely resembles some of the functionality from >>> the password >>> policy overlay, and similar functionality already exists in other >>> LDAP servers. > > There is an equivalent attribute defined in the latest ppolicy draft. > Perhaps you could use that. Or just submit a patch to incorporate this > feature into the current ppoloicy overlay. Indeed. At the time I wrote this overlay, I think the ppolicy draft was not yet finished or at least I wasn't aware of it. My client at the time found it useful to just add this simple overlay, without worrying about configuring ppolicy. Since then, I actually haven't had any time to work on this overlay, but today Michael expressed an interest in it, asking for a public IPR notice, thus the "thread revival". I hope to pick it up in the future, and at that point possibly submit a patch for ppolicy also, as you suggest. Regards, Jonathan
Subject: Re: (ITS#6238) contrib: lastbind overlay to record timestamp of last successful bind From: Kurt Zeilenga <Kurt@OpenLDAP.org> Date: Fri, 10 Dec 2010 10:58:20 -0800 Cc: openldap-its@OpenLDAP.org To: jonathan@phillipoux.net
On Dec 10, 2010, at 10:37 AM, jonathan@phillipoux.net wrote: > On 10/12/10 17:14, Howard Chu wrote: >> jonathan@phillipoux.net wrote: >>> On 30/07/09 13:50, jonathan@phillipoux.net wrote: >>>> Full_Name: Jonathan Clarke >>>> Version: RE24 >>>> OS: >>>> URL: >>>> = ftp://ftp.openldap.org/incoming/jonathan-clarke-lastbind-20090730.tgz >>>> Submission from: (NULL) (82.67.204.30) >>>>=20 >>>>=20 >>>> Hi, >>>>=20 >>>> Please find, at the above URL, an overlay, built for OpenLDAP 2.4, = that >>>> intercepts successful binds and records the current timestamp in an >>>> attribute >>>> named "bindTimestamp" in the bound-to entry. It's original use-case >>>> is to detect >>>> unused accounts. >>>>=20 >>>> A configuration parameter (olcLastBindPrecision) allows to set a = minimum >>>> precision for the timestamp (ie, don't update the timestamp unless >>>> it's older >>>> than<n> seconds). This avoids a performance hit from many >>>> unnecessary writes in >>>> case there are many binds per minute/hour/day/week/etc. >>>>=20 >>>> Of course, the behaviour this overlay implements is not described = in >>>> any RFC, or >>>> other. However, it closely resembles some of the functionality from >>>> the password >>>> policy overlay, and similar functionality already exists in other >>>> LDAP servers. >>=20 >> There is an equivalent attribute defined in the latest ppolicy draft. >> Perhaps you could use that. That attribute is last successful password authentication, not last = authentication by any means. For the latter, I suggest a separate attribute. At Isode, we use an = authTimestamp dsaOperational attribute for this. It's wise to have the updating of this attribute off by default. >> Or just submit a patch to incorporate this >> feature into the current ppoloicy overlay. >=20 > Indeed. At the time I wrote this overlay, I think the ppolicy draft = was > not yet finished or at least I wasn't aware of it. My client at the = time > found it useful to just add this simple overlay, without worrying = about > configuring ppolicy. >=20 > Since then, I actually haven't had any time to work on this overlay, = but > today Michael expressed an interest in it, asking for a public IPR > notice, thus the "thread revival". >=20 > I hope to pick it up in the future, and at that point possibly submit = a > patch for ppolicy also, as you suggest. >=20 > Regards, > Jonathan >=20 >=20
Date: Fri, 10 Dec 2010 12:02:28 -0800 From: Howard Chu <hyc@symas.com> To: Kurt@OpenLDAP.org CC: openldap-its@OpenLDAP.org Subject: Re: (ITS#6238) contrib: lastbind overlay to record timestamp of last successful bind
Kurt@OpenLDAP.org wrote: > On Dec 10, 2010, at 10:37 AM, jonathan@phillipoux.net wrote: > >> On 10/12/10 17:14, Howard Chu wrote: >>> jonathan@phillipoux.net wrote: >>>> On 30/07/09 13:50, jonathan@phillipoux.net wrote: >>>>> Full_Name: Jonathan Clarke >>>>> Version: RE24 >>>>> OS: >>>>> URL: >>>>> = > ftp://ftp.openldap.org/incoming/jonathan-clarke-lastbind-20090730.tgz >>>>> Submission from: (NULL) (82.67.204.30) >>>>> =20 >>>>> =20 >>>>> Hi, >>>>> =20 >>>>> Please find, at the above URL, an overlay, built for OpenLDAP 2.4, = > that >>>>> intercepts successful binds and records the current timestamp in an >>>>> attribute >>>>> named "bindTimestamp" in the bound-to entry. It's original use-case >>>>> is to detect >>>>> unused accounts. >>>>> =20 >>>>> A configuration parameter (olcLastBindPrecision) allows to set a = > minimum >>>>> precision for the timestamp (ie, don't update the timestamp unless >>>>> it's older >>>>> than<n> seconds). This avoids a performance hit from many >>>>> unnecessary writes in >>>>> case there are many binds per minute/hour/day/week/etc. >>>>> =20 >>>>> Of course, the behaviour this overlay implements is not described = > in >>>>> any RFC, or >>>>> other. However, it closely resembles some of the functionality from >>>>> the password >>>>> policy overlay, and similar functionality already exists in other >>>>> LDAP servers. >>> =20 >>> There is an equivalent attribute defined in the latest ppolicy draft. >>> Perhaps you could use that. > > That attribute is last successful password authentication, not last = > authentication by any means. > > For the latter, I suggest a separate attribute. At Isode, we use an = > authTimestamp dsaOperational attribute for this. > > It's wise to have the updating of this attribute off by default. Good point. In that case it's probably fine as a separate overlay, the way it is now. Can we use the schema definition that Isode is using? -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/
Subject: Re: (ITS#6238) contrib: lastbind overlay to record timestamp of last successful bind From: Kurt Zeilenga <Kurt@OpenLDAP.org> Date: Fri, 10 Dec 2010 12:18:55 -0800 Cc: openldap-its@OpenLDAP.org To: Howard Chu <hyc@symas.com>
On Dec 10, 2010, at 12:02 PM, Howard Chu wrote: > Good point. In that case it's probably fine as a separate overlay, the = way it is now. Can we use the schema definition that Isode is using? Not only yes, but hell yes. Reuse and convergence is a good thing. ( 1.3.6.1.4.1.453.16.2.188 NAME 'authTimestamp' DESC 'last successful authentication using any method/mech' EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE NO-USER-MODIFICATION USAGE dsaOperation ) And we use this attribute in our configuration object to enable/disable = (default disabled). ( 1.3.6.1.4.1.453.16.2.189 NAME 'authTimestamps' DESC 'enable recording of last successful authentication using = any method/mech' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE USAGE dsaOperation )
Date: Sat, 11 Dec 2010 02:16:25 +0100 From: =?ISO-8859-1?Q?Michael_Str=F6der?= <michael@stroeder.com> To: Kurt@OpenLDAP.org CC: openldap-its@OpenLDAP.org Subject: Re: (ITS#6238) contrib: lastbind overlay to record timestamp of last successful bind
Kurt@OpenLDAP.org wrote: > ( 1.3.6.1.4.1.453.16.2.188 NAME 'authTimestamp' > DESC 'last successful authentication using any method/mech' > EQUALITY generalizedTimeMatch > ORDERING generalizedTimeOrderingMatch > SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 > SINGLE-VALUE NO-USER-MODIFICATION USAGE dsaOperation ) > > And we use this attribute in our configuration object to enable/disable = > (default disabled). > > ( 1.3.6.1.4.1.453.16.2.189 NAME 'authTimestamps' > DESC 'enable recording of last successful authentication using = > any method/mech' > EQUALITY booleanMatch > SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 > SINGLE-VALUE USAGE dsaOperation ) Hmm, isn't NAME of the second a little bit confusing since it sounds like just the plural of the first? Ciao, Michael.
Subject: Re: (ITS#6238) contrib: lastbind overlay to record timestamp of last successful bind From: Kurt Zeilenga <Kurt@OpenLDAP.org> Date: Fri, 10 Dec 2010 18:22:04 -0800 Cc: openldap-its@OpenLDAP.org To: =?iso-8859-1?Q?Michael_Str=F6der?= <michael@stroeder.com>
On Dec 10, 2010, at 5:16 PM, Michael Str=F6der wrote: > Kurt@OpenLDAP.org wrote: >> ( 1.3.6.1.4.1.453.16.2.188 NAME 'authTimestamp' >> DESC 'last successful authentication using any method/mech' >> EQUALITY generalizedTimeMatch >> ORDERING generalizedTimeOrderingMatch >> SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 >> SINGLE-VALUE NO-USER-MODIFICATION USAGE dsaOperation ) >>=20 >> And we use this attribute in our configuration object to = enable/disable =3D >> (default disabled). >>=20 >> ( 1.3.6.1.4.1.453.16.2.189 NAME 'authTimestamps' >> DESC 'enable recording of last successful authentication using =3D= >> any method/mech' >> EQUALITY booleanMatch >> SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 >> SINGLE-VALUE USAGE dsaOperation ) >=20 > Hmm, isn't NAME of the second a little bit confusing since it sounds = like just > the plural of the first? Names should only be for the wire, the wire doesn't get confused. -- Kurt=
Date: Mon, 13 Dec 2010 17:30:48 +0100 From: =?ISO-8859-1?Q?Michael_Str=F6der?= <michael@stroeder.com> To: openldap-its@openldap.org Subject: Re: (ITS#6238) contrib: lastbind overlay to record timestamp of last successful bind
Could we have this overlay in contrib/ shipped with 2.4.24? That would be really nice. I've tested it with 2.4.23 and it still seems to work.
Date: Fri, 04 Feb 2011 15:36:57 -0800 From: Howard Chu <hyc@symas.com> To: michael@stroeder.com CC: openldap-its@openldap.org Subject: Re: (ITS#6238) contrib: lastbind overlay to record timestamp of last successful bind
michael@stroeder.com wrote: > Could we have this overlay in contrib/ shipped with 2.4.24? > That would be really nice. > > I've tested it with 2.4.23 and it still seems to work. Committed with changes in HEAD. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/
Date: Sat, 05 Feb 2011 18:31:49 +0100 From: =?ISO-8859-1?Q?Michael_Str=F6der?= <michael@stroeder.com> To: hyc@symas.com CC: openldap-its@openldap.org Subject: Re: (ITS#6238) contrib: lastbind overlay to record timestamp of last successful bind
This is a multi-part message in MIME format. --------------010407040507050306070700 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit hyc@symas.com wrote: > michael@stroeder.com wrote: >> Could we have this overlay in contrib/ shipped with 2.4.24? >> That would be really nice. >> >> I've tested it with 2.4.23 and it still seems to work. > > Committed with changes in HEAD. Also in RE24. Thanks a lot! Any objections adding a slightly more complete Makefile (see attachment)? Ciao, Michael. --------------010407040507050306070700 Content-Type: text/plain; name="Makefile.lastbind" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="Makefile.lastbind" # Copyright 2009 Jonathan Clarke <jonathan@phillipoux.net>. # All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted only as authorized by the OpenLDAP # Public License. # # A copy of this license is available in the file LICENSE in the # top-level directory of the distribution or, alternatively, at # <http://www.OpenLDAP.org/license.html>. PREFIX=/opt/openldap-RE24 CPPFLAGS+=-I../../../include -I../../../servers/slapd CPPFLAGS+=-DSLAPD_OVER_LASTBIND=SLAPD_MOD_DYNAMIC #LIBTOOL=libtool LIBTOOL=../../../libtool OPT=-g -O2 CC=gcc all: lastbind.la lastbind.lo: lastbind.c $(LIBTOOL) --mode=compile $(CC) $(CPPFLAGS) -Wall -c $? lastbind.la: lastbind.lo $(LIBTOOL) --mode=link $(CC) -version-info 0:0:0 \ -rpath $(PREFIX)/lib -module -o $@ $? clean: rm -rf lastbind.lo lastbind.la lastbind.o .libs/ install: lastbind.la mkdir -p $(PREFIX)/libexec/openldap $(LIBTOOL) --mode=install cp lastbind.la $(PREFIX)/libexec/openldap $(LIBTOOL) --finish $(PREFIX)/libexec/openldap --------------010407040507050306070700--
Date: Mon, 07 Feb 2011 06:31:04 -0800 From: Howard Chu <hyc@symas.com> To: =?ISO-8859-1?Q?Michael_Str=F6der?= <michael@stroeder.com> CC: openldap-its@openldap.org Subject: Re: (ITS#6238) contrib: lastbind overlay to record timestamp of last successful bind
Michael Str.der wrote: > hyc@symas.com wrote: >> michael@stroeder.com wrote: >>> Could we have this overlay in contrib/ shipped with 2.4.24? >>> That would be really nice. >>> >>> I've tested it with 2.4.23 and it still seems to work. >> >> Committed with changes in HEAD. > > Also in RE24. Thanks a lot! > > Any objections adding a slightly more complete Makefile (see attachment)? Yes, several objections. Post diffs that can be applied by the "patch" command, not the complete file. If you're going to add more rules, make them conform to the standard Makefiles. E.g. the correct macro is "prefix" not "PREFIX". Post diffs that actually work, your "OPT" macro is never referenced anywhere else in the Makefile so it's useless. The default prefix is always /usr/local. You can use whatever prefix you like in your personal copy, but stick with the defaults on anything you submit to us. > Ciao, Michael. > > > Makefile.lastbind > > > # Copyright 2009 Jonathan Clarke<jonathan@phillipoux.net>. > # All rights reserved. > # > # Redistribution and use in source and binary forms, with or without > # modification, are permitted only as authorized by the OpenLDAP > # Public License. > # > # A copy of this license is available in the file LICENSE in the > # top-level directory of the distribution or, alternatively, at > #<http://www.OpenLDAP.org/license.html>. > > PREFIX=/opt/openldap-RE24 > > CPPFLAGS+=-I../../../include -I../../../servers/slapd > CPPFLAGS+=-DSLAPD_OVER_LASTBIND=SLAPD_MOD_DYNAMIC > #LIBTOOL=libtool > LIBTOOL=../../../libtool > OPT=-g -O2 > CC=gcc > > > all: lastbind.la > > lastbind.lo: lastbind.c > $(LIBTOOL) --mode=compile $(CC) $(CPPFLAGS) -Wall -c $? > > lastbind.la: lastbind.lo > $(LIBTOOL) --mode=link $(CC) -version-info 0:0:0 \ > -rpath $(PREFIX)/lib -module -o $@ $? > > clean: > rm -rf lastbind.lo lastbind.la lastbind.o .libs/ > > install: lastbind.la > mkdir -p $(PREFIX)/libexec/openldap > $(LIBTOOL) --mode=install cp lastbind.la $(PREFIX)/libexec/openldap > $(LIBTOOL) --finish $(PREFIX)/libexec/openldap -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/
Date: Mon, 07 Feb 2011 21:37:17 +0100 From: Jonathan Clarke <jonathan@phillipoux.net> To: hyc@symas.com CC: openldap-its@openldap.org Subject: Re: (ITS#6238) contrib: lastbind overlay to record timestamp of last successful bind
Le 05/02/2011 00:37, hyc@symas.com a .crit : > michael@stroeder.com wrote: >> Could we have this overlay in contrib/ shipped with 2.4.24? >> That would be really nice. >> >> I've tested it with 2.4.23 and it still seems to work. > > Committed with changes in HEAD. Howard, Thanks for taking the time to clean this up and commit it. Jonathan -- -------------------------------------------------------------- Jonathan Clarke - jonathan@phillipoux.net -------------------------------------------------------------- Ldap Synchronization Connector (LSC) - http://lsc-project.org --------------------------------------------------------------
Date: Tue, 15 Feb 2011 15:49:24 +0100 From: =?ISO-8859-1?Q?Michael_Str=F6der?= <michael@stroeder.com> To: openldap-its@openldap.org Subject: Re: (ITS#6238) contrib: lastbind overlay to record timestamp of last successful bind
Howard Chu wrote: > Yes, several objections. Post diffs that can be applied by the "patch" > command, not the complete file. See below. > If you're going to add more rules, make > them conform to the standard Makefiles. E.g. the correct macro is > "prefix" not "PREFIX". Not consequently used in contrib/slapd-modules/. Therefore I didn't know this. Ciao, Michael. Index: Makefile =================================================================== RCS file: /repo/OpenLDAP/pkg/ldap/contrib/slapd-modules/lastbind/Makefile,v retrieving revision 1.2.2.2 diff -u -r1.2.2.2 Makefile --- Makefile 4 Feb 2011 23:39:17 -0000 1.2.2.2 +++ Makefile 15 Feb 2011 14:48:30 -0000 @@ -10,6 +10,8 @@ # top-level directory of the distribution or, alternatively, at # <http://www.OpenLDAP.org/license.html>. +prefix=/usr/local + CPPFLAGS+=-I../../../include -I../../../servers/slapd CPPFLAGS+=-DSLAPD_OVER_LASTBIND=SLAPD_MOD_DYNAMIC #LIBTOOL=libtool @@ -23,7 +25,12 @@ lastbind.la: lastbind.lo $(LIBTOOL) --mode=link $(CC) -version-info 0:0:0 \ - -rpath $(PREFIX)/lib -module -o $@ $? + -rpath $(prefix)/lib -module -o $@ $? clean: rm -rf lastbind.lo lastbind.la lastbind.o .libs/ + +install: lastbind.la + mkdir -p $(prefix)/libexec/openldap + $(LIBTOOL) --mode=install cp lastbind.la $(prefix)/libexec/openldap + $(LIBTOOL) --finish $(prefix)/libexec/openldap
______________ © Copyright 2013, OpenLDAP Foundation, info@OpenLDAP.org
