(ITS#6238) contrib: lastbind overlay to record timestamp of last successful bind

Full_Name: Jonathan Clarke
Version: RE24
URL: ftp://ftp.openldap.org/incoming/jonathan-clarke-lastbind-20090730.tgz
Submission from: (NULL) (


Please find, at the above URL, an overlay, built for OpenLDAP 2.4, that
intercepts successful binds and records the current timestamp in an attribute
named "bindTimestamp" in the bound-to entry. Its original use case is to detect
unused accounts.

A configuration parameter (olcLastBindPrecision) allows setting a minimum
precision for the timestamp (i.e., don't update the timestamp unless it's older
than <n> seconds). This avoids a performance hit from many unnecessary writes in
case there are many binds per minute/hour/day/week/etc.

Of course, the behaviour this overlay implements is not described in any RFC, or
other. However, it closely resembles some of the functionality from the password
policy overlay, and similar functionality already exists in other LDAP servers.

I post it here in the hope that it may serve others, and in case the OpenLDAP
wishes to include it in one form or another. I would most appreciate any
comments or feedback.


PS: please note that the OIDs used are not registered, but used temporarily. I
do not currently have access to a registered OID to use.
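
Added example (not part of the submission and not the overlay's code): a stale-account audit over an LDIF export that accounts for the precision setting, since a stored bindTimestamp can lag the real last bind by up to that many seconds. The DNs, sample data, function names and the strict "older than" comparison are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

def parse_gt(value):
    """Parse a UTC generalizedTime value such as 20090730101500Z."""
    return datetime.strptime(value, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def should_update(stored, now, precision):
    """Throttling rule as described: rewrite only when the stored value is
    older than `precision` seconds (strict comparison is an assumption)."""
    return stored is None or (now - stored).total_seconds() > precision

def audit(ldif, now, max_idle_days, precision):
    """Classify entries of a simple LDIF export (no folded or base64 lines).
    An entry is 'stale' only if it is idle even when the real last bind is
    assumed to be `precision` seconds later than the stored timestamp."""
    limit = timedelta(days=max_idle_days)
    slack = timedelta(seconds=precision)
    result = {"never": [], "stale": [], "active": []}
    for block in ldif.strip().split("\n\n"):
        attrs = {k.lower(): v for k, v in
                 (line.split(": ", 1) for line in block.splitlines() if ": " in line)}
        stamp = attrs.get("bindtimestamp")
        if stamp is None:
            result["never"].append(attrs["dn"])   # no bind recorded by the overlay
        elif now - (parse_gt(stamp) + slack) > limit:
            result["stale"].append(attrs["dn"])
        else:
            result["active"].append(attrs["dn"])
    return result

# Constructed sample data, not taken from any real directory.
NOW = datetime(2009, 7, 30, 12, 0, 0, tzinfo=timezone.utc)
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=com
bindTimestamp: 20090729080000Z

dn: uid=bob,ou=people,dc=example,dc=com
bindTimestamp: 20090101000000Z

dn: uid=carol,ou=people,dc=example,dc=com
objectClass: inetOrgPerson

dn: uid=dave,ou=people,dc=example,dc=com
bindTimestamp: 20090501000000Z
"""

if __name__ == "__main__":
    print(audit(SAMPLE_LDIF, NOW, max_idle_days=90, precision=86400))
```

With a one-day precision, the dave entry (stored timestamp 90 days and 12 hours old) is not reported as stale, because a bind up to a day after the stored value would not have been written.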