jonathan@phillipoux.net wrote:
Full_Name: Jonathan Clarke Version: RE24 OS: URL: ftp://ftp.openldap.org/incoming/jonathan-clarke-lastbind-20090730.tgz Submission from: (NULL) (82.67.204.30)
Please find, at the above URL, an overlay, built for OpenLDAP 2.4, that intercepts successful binds and records the current timestamp in an attribute named "bindTimestamp" in the bound-to entry. It's original use-case is to detect unused accounts.
Detecting unused accounts can also somewhat achieved by using slapo-accesslog with configuration directive "logops session". Still I see some value for such an simple overlay.
A configuration parameter (olcLastBindPrecision) allows to set a minimum precision for the timestamp (ie, don't update the timestamp unless it's older than <n> seconds). This avoids a performance hit from many unnecessary writes in case there are many binds per minute/hour/day/week/etc.
Things to consider:
Is this attribute supposed to be replicated?
How about adding configuration paramters so you can specify 1. the attribute type used and 2. the datetime format. This could be handy in situations where you want to mimique the behaviour of other LDAP servers.
Ciao, Michael.