https://bugs.openldap.org/show_bug.cgi?id=10354
Issue ID: 10354 Summary: Enhancement: Allow tuning of pwdLastSuccess (like authTimestamp) Product: OpenLDAP Version: 2.5.13 Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: slapd Assignee: bugs@openldap.org Reporter: u.windl@ukr.de Target Milestone: ---
As I understand it, the function of the lastbind overlay were integrated to slapd core (under different names).
While the overly used attribute authTimestamp, slapd uses attribute pwdLastSuccess to record the time of successful bind. So in principle one could activate both at the same time, but the purpose is unclear...
Anyway the lastbind overlay allows to configure (among others) the "lastbind-precision", allowing to skip recording of too many successful binds for a while. Unfortunately the slapd core does not offer a comparable thing, so (for example) automated periodic binds (e.g. used for monitoring) may fill a changelog (delta-syncrepl) over time.
The proposal is to implement some mechanism of rate limiting for the updates of pwdLastSuccess, or/and allow filtering of DNs that are included/excepted from this mechanism (so automated periodic system accounts may be excepted).