On 30/07/09 13:50, jonathan@phillipoux.net wrote:
Full_Name: Jonathan Clarke
Version: RE24
OS:
URL: ftp://ftp.openldap.org/incoming/jonathan-clarke-lastbind-20090730.tgz
Submission from: (NULL) (82.67.204.30)
Hi,
Please find, at the above URL, an overlay, built for OpenLDAP 2.4, that intercepts successful binds and records the current timestamp in an attribute named "bindTimestamp" in the bound-to entry. Its original use case is to detect unused accounts.
A configuration parameter (olcLastBindPrecision) allows setting a minimum precision for the timestamp (i.e., don't update the timestamp unless it's older than <n> seconds). This avoids a performance hit from many unnecessary writes in case there are many binds per minute/hour/day/week/etc.
Of course, the behaviour this overlay implements is not described in any RFC, or other. However, it closely resembles some of the functionality from the password policy overlay, and similar functionality already exists in other LDAP servers.
I post it here in the hope that it may serve others, and in case the OpenLDAP wishes to include it in one form or another. I would most appreciate any comments or feedback.
Regards, Jonathan
PS: please note that the OIDs used are not registered, but used temporarily. I do not currently have access to a registered OID to use.
To respond to an off-list request, I'd like to add an IPR notice to this contribution:
The above-mentioned files are derived from OpenLDAP Software. All of the modifications to OpenLDAP Software represented in the files were developed by Jonathan Clarke <jonathan@phillipoux.net>. I have not assigned rights and/or interest in this work to any party.
Hope this is the right wording...
Jonathan
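The unused-account check described in the submission, as an added example that is not part of the original post or of the overlay's code: it reads an LDIF export and flags entries whose "bindTimestamp" is missing or too old, allowing for the lag that the precision setting introduces. It assumes the attribute holds a UTC GeneralizedTime value (YYYYmmddHHMMSSZ) and that the LDIF has no folded or base64 lines; the function names and the sample entries are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample export (not from the original post). bindTimestamp is
# assumed to be a UTC GeneralizedTime value; lines are unfolded, not base64.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=com
bindTimestamp: 20090729101500Z

dn: uid=bob,ou=people,dc=example,dc=com
bindTimestamp: 20090101080000Z

dn: uid=dave,ou=people,dc=example,dc=com
bindTimestamp: 20090501000000Z

dn: uid=carol,ou=people,dc=example,dc=com
uid: carol
"""

def parse_entries(ldif):
    """Yield (dn, last recorded bind or None) per blank-line-separated entry."""
    for block in ldif.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            name, sep, value = line.partition(": ")
            if sep:
                attrs.setdefault(name.lower(), value.strip())
        ts = attrs.get("bindtimestamp")
        when = (datetime.strptime(ts, "%Y%m%d%H%M%SZ")
                .replace(tzinfo=timezone.utc)) if ts else None
        yield attrs.get("dn"), when

def unused_accounts(ldif, now, max_idle, precision):
    """Return [(dn, when)] for entries with no recorded bind or a stale one.

    The stored value can lag the real last bind by up to `precision` seconds,
    because the write is skipped while the stored timestamp is newer than
    that. An entry is therefore flagged only when it is older than
    max_idle + precision; entries without the attribute are always flagged.
    """
    cutoff = now - max_idle - timedelta(seconds=precision)
    return [(dn, when) for dn, when in parse_entries(ldif)
            if when is None or when < cutoff]
```

Pass the same number of seconds as the configured olcLastBindPrecision; with a precision of 0 the cutoff is simply `now - max_idle`.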