I was wondering if there is any way to configure OpenLDAP to record the last time an
account was successfully authorized? We need to be able to prune accounts after a period
of inactivity, but there's no way right now to know if they user has been active or
not. We can't base it on the last time they connected to a shell because not everyone
uses shells; some people just authenticate to POP their e-mail or log into a web page. If
there was some way to maintain a time stamp of the last time that that a user successfully
authenticated (by way of an LDAP bind to the LDAP server) that would solve this problem.
UC Santa Cruz