SLAPO-LASTBIND 5 "RELEASEDATE" "OpenLDAP LDVERSION"
Copyright 2009 Jonathan Clarke, All Rights Reserved. $OpenLDAP$ NAME
slapo-lastbind - lastbind overlay to slapd
SYNOPSIS
ETCDIR/
slapd.conf
DESCRIPTION
The
lastbind overlay to
slapd (8) allows recording the timestamp of the last successful bind to entries
in the directory, in the
authTimestamp attribute.
The overlay can be configured to update this timestamp only if it is
older than a given value, thus avoiding large numbers of write
operations penalizing performance.
One sample use for this overlay would be to detect unused accounts.
CONFIGURATION
The config directives that are specific to the
lastbind overlay must be prefixed by
lastbind- , to avoid potential conflicts with directives specific to the underlying
database or to other stacked overlays.
overlay lastbind This directive adds the
lastbind overlay to the current database, see
slapd.conf (5) for details.
This
slapd.conf configuration option is defined for the lastbind overlay. It must
appear after the
overlay directive:
lastbind-precision <seconds> The value
<seconds> is the number of seconds after which to update the
authTimestamp attribute in an entry. If the existing value of
authTimestamp is less than
<seconds> old, it will not be changed.
If this configuration option is omitted, the
authTimestamp attribute is updated on each successful bind operation.
EXAMPLE
This example configures the
lastbind overlay to store
authTimestamp in all entries in a database, with a 1 week precision.
Add the following to
slapd.conf (5):
database <database>
# ...
overlay lastbind
lastbind-precision 604800
slapd must also load
lastbind.la, if compiled as a run-time module;
FILES
ETCDIR/slapd.conf
default slapd configuration file
SEE ALSO
slapd.conf (5), slapd (8). The
slapo-lastbind (5) overlay supports dynamic configuration via
back-config. ACKNOWLEDGEMENTS
This module was written in 2009 by Jonathan Clarke. It is loosely
derived from the password policy overlay.