Re: (ITS#6238) contrib: lastbind overlay to record timestamp of last successful bind



jonathan@phillipoux.net wrote:
> Full_Name: Jonathan Clarke
> Version: RE24
> OS: 
> URL: ftp://ftp.openldap.org/incoming/jonathan-clarke-lastbind-20090730.tgz
> Submission from: (NULL) (82.67.204.30)
> 
> Please find, at the above URL, an overlay, built for OpenLDAP 2.4, that
> intercepts successful binds and records the current timestamp in an attribute
> named "bindTimestamp" in the bound-to entry. Its original use-case is to detect
> unused accounts.

Detecting unused accounts can also somewhat be achieved by using
slapo-accesslog with configuration directive "logops session". Still I
see some value for such a simple overlay.

> A configuration parameter (olcLastBindPrecision) allows to set a minimum
> precision for the timestamp (ie, don't update the timestamp unless it's older
> than <n> seconds). This avoids a performance hit from many unnecessary writes in
> case there are many binds per minute/hour/day/week/etc.

Things to consider:

Is this attribute supposed to be replicated?

How about adding configuration parameters so you can specify 1. the
attribute type used and 2. the datetime format. This could be handy in
situations where you want to mimic the behaviour of other LDAP servers.

Ciao, Michael.
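
Added example (not part of the thread and not the overlay's code): a sketch of how an unused-account audit over "bindTimestamp" has to allow for the precision setting, since the stored value can lag the real last bind by up to that many seconds. It assumes the attribute holds UTC GeneralizedTime values; the function names and the sample LDIF are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Assumption: bindTimestamp is stored as UTC GeneralizedTime (the thread does not fix the format).
GENERALIZED_TIME = "%Y%m%d%H%M%SZ"

# Constructed sample export, not real directory data.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=com
bindTimestamp: 20091029120000Z

dn: uid=bob,ou=people,dc=example,dc=com
bindTimestamp: 20090730101500Z

dn: uid=carol,ou=people,dc=example,dc=com
bindTimestamp: 20090731120000Z

dn: uid=dave,ou=people,dc=example,dc=com
"""

def parse_entries(ldif_text):
    """Map each DN to its bindTimestamp (None if absent); handles simple, unfolded LDIF only."""
    entries, dn = {}, None
    for line in ldif_text.splitlines():
        if not line.strip():
            dn = None  # a blank line ends the current entry
        elif line.startswith("dn: "):
            dn = line[4:].strip()
            entries[dn] = None
        elif dn and line.startswith("bindTimestamp: "):
            ts = datetime.strptime(line[15:].strip(), GENERALIZED_TIME)
            entries[dn] = ts.replace(tzinfo=timezone.utc)
    return entries

def should_update(stored, now, precision):
    """The rule described in the submission: write only if the stored value is older than <precision> seconds."""
    return stored is None or (now - stored) > timedelta(seconds=precision)

def unused_accounts(entries, now, max_idle, precision):
    """DNs certainly idle for max_idle. A stored value T only proves the last bind was
    within [T, T + precision], so the cutoff is moved back by the precision."""
    cutoff = now - max_idle - timedelta(seconds=precision)
    # Entries without the attribute have no recorded bind and are reported too.
    return sorted(dn for dn, ts in entries.items() if ts is None or ts < cutoff)

NOW = datetime(2009, 10, 30, tzinfo=timezone.utc)  # constructed audit time

if __name__ == "__main__":
    for dn in unused_accounts(parse_entries(SAMPLE_LDIF), NOW, timedelta(days=90), 86400):
        print(dn)
```

With a one-day precision, carol is not reported for a 90-day threshold, because her last real bind may have been up to a day after the stored value; ignoring the precision would flag her.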