[Date Prev][Date Next] [Chronological] [Thread] [Top]

access log or last bind overlay working with bind_anon?


I have been doing a lot of research into OpenLDAP and it’s functionalities.. While I have set up a few OpenLDAP servers before, there are many facets of the software I am unfamiliar with.
Recently, I was asked to find a way to obtain a list of users and their last login for auditing reasons (We need to disable the users after a certain amount of time of inactivity)

I have looked into a few different solutions but have been unable to reach anyone with enough knowledge for some reason so here is an email with some hope as to get some information to point me in the right direction.

I think there are two things that may work for my purposes.. The last bind overlay or the access log overlay.

For the Lastbind overlay, since we are using anonymous bind, do you know if this will still work for us?

For the access log, how would I pull this specific information out of the database? According to the man pages:

logops <operations>
Specify which types of operations to log. The valid operation types are abandon, add, bind, compare, delete, extended, modify, modrdn, search, and unbind. Aliases for common sets of operations are also available:

add, delete, modify, modrdn


compare, search


Would this work if are using anonymous binding as well?

Any help would be greatly appreciated!