slapo-lastbind - lastbind overlay to slapd
overlay to slapd
(8) allows recording the timestamp of
the last successful bind to entries in the directory, in the
attribute. The overlay can be configured to update this
timestamp only if it is older than a given value, thus avoiding large numbers
of write operations penalizing performance. One sample use for this overlay
would be to detect unused accounts.
The config directives that are specific to the lastbind
overlay must be
prefixed by lastbind-
, to avoid potential conflicts with directives
specific to the underlying database or to other stacked overlays.
- overlay lastbind
- This directive adds the lastbind overlay to the
current database, see slapd.conf(5) for details.
configuration option is defined for the lastbind overlay.
It must appear after the overlay
- lastbind-precision <seconds>
- The value <seconds> is the number of seconds
after which to update the authTimestamp attribute in an entry. If
the existing value of authTimestamp is less than
<seconds> old, it will not be changed. If this configuration
option is omitted, the authTimestamp attribute is updated on each
successful bind operation.
This example configures the lastbind
overlay to store
in all entries in a database, with a 1 week precision.
Add the following to slapd.conf
must also load lastbind.la,
if compiled as a run-time
- default slapd configuration file
(8). The slapo-lastbind
supports dynamic configuration via back-config.
This module was written in 2009 by Jonathan Clarke. It is loosely derived from
the password policy overlay.