[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#6238) contrib: lastbind overlay to record timestamp of last successful bind

To: openldap-its@OpenLDAP.org
Subject: (ITS#6238) contrib: lastbind overlay to record timestamp of last successful bind
From: jonathan@phillipoux.net
Date: Thu, 30 Jul 2009 12:50:35 GMT
Auto-submitted: auto-generated (OpenLDAP-ITS)

Full_Name: Jonathan Clarke
Version: RE24
OS: 
URL: ftp://ftp.openldap.org/incoming/jonathan-clarke-lastbind-20090730.tgz
Submission from: (NULL) (82.67.204.30)


Hi,

Please find, at the above URL, an overlay, built for OpenLDAP 2.4, that
intercepts successful binds and records the current timestamp in an attribute
named "bindTimestamp" in the bound-to entry. It's original use-case is to detect
unused accounts.

A configuration parameter (olcLastBindPrecision) allows to set a minimum
precision for the timestamp (ie, don't update the timestamp unless it's older
than <n> seconds). This avoids a performance hit from many unnecessary writes in
case there are many binds per minute/hour/day/week/etc.

Of course, the behaviour this overlay implements is not described in any RFC, or
other. However, it closely resembles some of the functionality from the password
policy overlay, and similar functionality already exists in other LDAP servers.

I post it here in the hope that it may serve others, and in case the OpenLDAP
wishes to include it in one form or another. I would most appreciate any
comments or feedback.

Regards,
Jonathan

PS: please note that the OIDs used are not registered, but used temporarily. I
do not currently have access to a registered OID to use.

Prev by Date: Re: (ITS#6234) CONFIGURABLE TCP BUFFERS IN SLAPD FEATURE REQUEST
Next by Date: Re: (ITS#6238) contrib: lastbind overlay to record timestamp of last successful bind
Index(es):
- Chronological
- Thread