[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#6238) contrib: lastbind overlay to record timestamp of last successful bind



On 30/07/09 13:50, jonathan@phillipoux.net wrote:
> Full_Name: Jonathan Clarke
> Version: RE24
> OS: 
> URL: ftp://ftp.openldap.org/incoming/jonathan-clarke-lastbind-20090730.tgz
> Submission from: (NULL) (82.67.204.30)
> 
> 
> Hi,
> 
> Please find, at the above URL, an overlay, built for OpenLDAP 2.4, that
> intercepts successful binds and records the current timestamp in an attribute
> named "bindTimestamp" in the bound-to entry. It's original use-case is to detect
> unused accounts.
> 
> A configuration parameter (olcLastBindPrecision) allows to set a minimum
> precision for the timestamp (ie, don't update the timestamp unless it's older
> than <n> seconds). This avoids a performance hit from many unnecessary writes in
> case there are many binds per minute/hour/day/week/etc.
> 
> Of course, the behaviour this overlay implements is not described in any RFC, or
> other. However, it closely resembles some of the functionality from the password
> policy overlay, and similar functionality already exists in other LDAP servers.
> 
> I post it here in the hope that it may serve others, and in case the OpenLDAP
> wishes to include it in one form or another. I would most appreciate any
> comments or feedback.
> 
> Regards,
> Jonathan
> 
> PS: please note that the OIDs used are not registered, but used temporarily. I
> do not currently have access to a registered OID to use.

To respond to an off-list request, I'd like to add an IPR notice to this
contribution:

The above mentioned files are derived from OpenLDAP Software. All of the
modifications to OpenLDAP Software represented in the files were
developed by Jonathan Clarke <jonathan@phillipoux.net>. I have not
assigned rights and/or interest in this work to any party.

Hope this is the right wording...

Jonathan