[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#6238) contrib: lastbind overlay to record timestamp of last successful bind

On 30/07/09 13:50, jonathan@phillipoux.net wrote:
> Full_Name: Jonathan Clarke
> Version: RE24
> OS: 
> URL: ftp://ftp.openldap.org/incoming/jonathan-clarke-lastbind-20090730.tgz
> Submission from: (NULL) (
> Hi,
> Please find, at the above URL, an overlay, built for OpenLDAP 2.4, that
> intercepts successful binds and records the current timestamp in an attribute
> named "bindTimestamp" in the bound-to entry. It's original use-case is to detect
> unused accounts.
> A configuration parameter (olcLastBindPrecision) allows to set a minimum
> precision for the timestamp (ie, don't update the timestamp unless it's older
> than <n> seconds). This avoids a performance hit from many unnecessary writes in
> case there are many binds per minute/hour/day/week/etc.
> Of course, the behaviour this overlay implements is not described in any RFC, or
> other. However, it closely resembles some of the functionality from the password
> policy overlay, and similar functionality already exists in other LDAP servers.
> I post it here in the hope that it may serve others, and in case the OpenLDAP
> wishes to include it in one form or another. I would most appreciate any
> comments or feedback.
> Regards,
> Jonathan
> PS: please note that the OIDs used are not registered, but used temporarily. I
> do not currently have access to a registered OID to use.

To respond to an off-list request, I'd like to add an IPR notice to this

The above mentioned files are derived from OpenLDAP Software. All of the
modifications to OpenLDAP Software represented in the files were
developed by Jonathan Clarke <jonathan@phillipoux.net>. I have not
assigned rights and/or interest in this work to any party.

Hope this is the right wording...