[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Recording the Last Successful Authorization

To: Tim Gustafson <tjg@soe.ucsc.edu>
Subject: Re: Recording the Last Successful Authorization
From: Howard Chu <hyc@symas.com>
Date: Fri, 17 Oct 2008 23:51:57 -0700
Cc: openldap-software@openldap.org
In-reply-to: <1917289447.275071224287056076.JavaMail.root@mail-01.cse.ucsc.edu>
References: <1917289447.275071224287056076.JavaMail.root@mail-01.cse.ucsc.edu>
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; rv:1.9.1b1pre) Gecko/20081015 SeaMonkey/2.0a1pre

Tim Gustafson wrote:

I was wondering if there is any way to configure OpenLDAP to record the
last

time an account was successfully authorized? We need to be able to prune
accounts after a period of inactivity, but there's no way right now to know if
they user has been active or not. We can't base it on the last time they
connected to a shell because not everyone uses shells; some people just
authenticate to POP their e-mail or log into a web page. If there was some way
to maintain a time stamp of the last time that that a user successfully
authenticated (by way of an LDAP bind to the LDAP server) that would solve
this problem.

See the slapo-accesslog(5) manpage.

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/

References:
- Recording the Last Successful Authorization
  - From: Tim Gustafson <tjg@soe.ucsc.edu>

Prev by Date: Re: userCertificate;binary in a 2.3.X ldif file
Next by Date: Re: Automatically imply -x in case of -D
Index(es):
- Chronological
- Thread