[Date Prev][Date Next] [Chronological] [Thread] [Top]

slapd operational attributes

we are planning to use openldap2 with back-bdb on linux as the central userdatabase behind a webforum application.

One functional requirement is to keep track of the following attributes for each user:
- last login time
- last IP address
- last modification time (of user attributes)

its seems that these requirements would lead to an implementation where all authentications would also perform write operations to the database, which is certainly not desirable.

I now read about some operational attributes (such as createTimeStamp and modifiersName) that slapd seems to keep track of. I checked the documentation, the FAQ and the general Web, but found no satisfying answers to the following questions

- what operational attributes does slapd keeps track of automatically?
- can these be configured (i.e. new attributes added)?
- is it common practice to use these to fullfill requirements like the ones i described above?
- if not, what is common (best) practice? (not to use LDAP? or go for a hybrid setup?)

thanks a lot for any insight you might have!