[Date Prev][Date Next]
Re: (ITS#6238) contrib: lastbind overlay to record timestamp of last successful bind
- To: openldap-its@OpenLDAP.org
- Subject: Re: (ITS#6238) contrib: lastbind overlay to record timestamp of last successful bind
- From: firstname.lastname@example.org
- Date: Fri, 10 Dec 2010 17:15:03 GMT
- Auto-submitted: auto-generated (OpenLDAP-ITS)
> On 30/07/09 13:50, email@example.com wrote:
>> Full_Name: Jonathan Clarke
>> Version: RE24
>> URL: ftp://ftp.openldap.org/incoming/jonathan-clarke-lastbind-20090730.tgz
>> Submission from: (NULL) (220.127.116.11)
>> Please find, at the above URL, an overlay, built for OpenLDAP 2.4, that
>> intercepts successful binds and records the current timestamp in an attribute
>> named "bindTimestamp" in the bound-to entry. It's original use-case is to detect
>> unused accounts.
>> A configuration parameter (olcLastBindPrecision) allows to set a minimum
>> precision for the timestamp (ie, don't update the timestamp unless it's older
>> than<n> seconds). This avoids a performance hit from many unnecessary writes in
>> case there are many binds per minute/hour/day/week/etc.
>> Of course, the behaviour this overlay implements is not described in any RFC, or
>> other. However, it closely resembles some of the functionality from the password
>> policy overlay, and similar functionality already exists in other LDAP servers.
There is an equivalent attribute defined in the latest ppolicy draft. Perhaps
you could use that. Or just submit a patch to incorporate this feature into
the current ppoloicy overlay.
>> I post it here in the hope that it may serve others, and in case the OpenLDAP
>> wishes to include it in one form or another. I would most appreciate any
>> comments or feedback.
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/