jonathan@phillipoux.net wrote:
On 30/07/09 13:50, jonathan@phillipoux.net wrote:
Full_Name: Jonathan Clarke
Version: RE24
OS:
URL: ftp://ftp.openldap.org/incoming/jonathan-clarke-lastbind-20090730.tgz
Submission from: (NULL) (82.67.204.30)
Hi,
Please find, at the above URL, an overlay, built for OpenLDAP 2.4, that intercepts successful binds and records the current timestamp in an attribute named "bindTimestamp" in the bound-to entry. Its original use-case is to detect unused accounts.
A configuration parameter (olcLastBindPrecision) allows setting a minimum precision for the timestamp (i.e., don't update the timestamp unless it's older than <n> seconds). This avoids a performance hit from many unnecessary writes in case there are many binds per minute/hour/day/week/etc.
Of course, the behaviour this overlay implements is not described in any RFC, or other. However, it closely resembles some of the functionality from the password policy overlay, and similar functionality already exists in other LDAP servers.
There is an equivalent attribute defined in the latest ppolicy draft. Perhaps you could use that. Or just submit a patch to incorporate this feature into the current ppolicy overlay.
I post it here in the hope that it may serve others, and in case the OpenLDAP wishes to include it in one form or another. I would most appreciate any comments or feedback.
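
The write-throttling rule described for olcLastBindPrecision, sketched in C as an added example (it is not part of the original message and is not code from the submitted overlay or from OpenLDAP). The function names are hypothetical, and the stored value is assumed to be a UTC GeneralizedTime of the form YYYYMMDDhhmmssZ.

```c
/* Added illustration; helper names are hypothetical, not the overlay's own. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Days since 1970-01-01 for a Gregorian calendar date. */
static long long days_from_civil(int y, int m, int d)
{
    y -= m <= 2;
    long long era = (y >= 0 ? y : y - 399) / 400;
    int yoe = (int)(y - era * 400);
    int doy = (153 * (m + (m > 2 ? -3 : 9)) + 2) / 5 + d - 1;
    int doe = yoe * 365 + yoe / 4 - yoe / 100 + doy;
    return era * 146097 + doe - 719468;
}

/* Parse "YYYYMMDDhhmmssZ" (assumed stored form) to epoch seconds; -1 if malformed. */
static int parse_generalized_time(const char *s, long long *out)
{
    int y, mo, d, h, mi, sec;
    if (s == NULL || strlen(s) != 15 || s[14] != 'Z') return -1;
    for (int i = 0; i < 14; i++)
        if (!isdigit((unsigned char)s[i])) return -1;
    if (sscanf(s, "%4d%2d%2d%2d%2d%2d", &y, &mo, &d, &h, &mi, &sec) != 6) return -1;
    if (mo < 1 || mo > 12 || d < 1 || d > 31 || h > 23 || mi > 59 || sec > 60) return -1;
    *out = days_from_civil(y, mo, d) * 86400LL + h * 3600 + mi * 60 + sec;
    return 0;
}

/* 1 = this bind should rewrite the timestamp, 0 = the write can be skipped. */
int should_update_bind_timestamp(const char *stored, long long now, long precision)
{
    long long last;
    if (parse_generalized_time(stored, &last) != 0) return 1; /* never bound, or junk */
    if (last > now) return 1;        /* value from the future (clock skew): repair it */
    return (now - last) > precision; /* strictly older than <n> seconds */
}

int main(void)
{
    const char *stored = "20090730135000Z";  /* constructed sample value */
    long long t0 = 1248961800LL;             /* the same instant as epoch seconds */
    printf("+600s:  %d\n", should_update_bind_timestamp(stored, t0 + 600, 3600));
    printf("+3601s: %d\n", should_update_bind_timestamp(stored, t0 + 3601, 3600));
    printf("absent: %d\n", should_update_bind_timestamp(NULL, t0, 3600));
    return 0;
}
```

With this rule the recorded timestamp can lag the real last bind by up to the precision value, so a report that flags unused accounts should allow that margin in its staleness threshold.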