At the university we have massive account creep. Alumni keep their accounts and terminated employees would never do anything bad so I generally don't get informed when they leave, dropouts aren't even tracked so who knows... Right now I estimate about 700 accounts that should not even exist. That being said, I would like to reclaim some sanity in my account system. For political reasons I can only ask for one account to be checked for validity at a time... could take a few years to filter through them all.... Thus was a plan hatched....
If there was a way I could store the timestamp of the last successful bind by this user in their entry (similarly to lastmod or create date) then after a year or three anyone who has no entry would be a candidate for further investigation....
Is there a way to make OpenLDAP store this data for me? Or must I write some C for an overlay (direct integration into the bind code seems a bad idea since if you don't need this why let it slow you down, and my C is more than a bit rough around the edges)?
Pat
OpenLDAP 2.4.10 on Linux for what it is worth.
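
The review step described in the post, as an added example that is not part of the original message: given an LDIF export in which a last-successful-bind timestamp is already being recorded, it lists accounts with no recorded bind and, going slightly beyond the post, accounts whose last bind is older than a cutoff. Assumptions: the attribute name `lastBindTime` is hypothetical, timestamps are generalizedTime without fractional seconds, and base64 (`::`) values are not decoded.

```python
from datetime import datetime, timedelta, timezone

# Hypothetical attribute for the last successful bind; the post names none.
BIND_ATTR = "lastbindtime"

def parse_ldif(text):
    """Yield (dn, {attr: [values]}) per entry, unfolding continuation lines."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # folded line: append to previous
        else:
            lines.append(raw)
    entry = {}
    for line in lines + [""]:             # trailing "" flushes the last entry
        if not line.strip():
            if "dn" in entry:
                yield entry["dn"][0], entry
            entry = {}
        elif not line.startswith("#") and ":" in line:
            attr, _, value = line.partition(":")
            # LDAP attribute names are case-insensitive, so normalise them.
            entry.setdefault(attr.strip().lower(), []).append(value.strip())

def stale_accounts(ldif_text, now, max_age_days=365):
    """Return sorted (dn, reason) pairs: never bound, or last bind before cutoff."""
    cutoff = now - timedelta(days=max_age_days)
    flagged = []
    for dn, attrs in parse_ldif(ldif_text):
        stamps = attrs.get(BIND_ATTR)
        if not stamps:
            flagged.append((dn, "no recorded bind"))
            continue
        last = max(datetime.strptime(s, "%Y%m%d%H%M%SZ") for s in stamps)
        if last.replace(tzinfo=timezone.utc) < cutoff:
            flagged.append((dn, "last bind " + last.date().isoformat()))
    return sorted(flagged)

# Constructed sample export (not real data); carol's dn is folded on purpose.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=edu
lastBindTime: 20100301120000Z

dn: uid=bob,ou=people,dc=example,dc=edu

dn: uid=carol,ou=people,dc=example,
 dc=edu
lastBindTime: 20070115093000Z
"""
```

Calling `stale_accounts(SAMPLE_LDIF, now)` with a timezone-aware `now` returns the candidates for further investigation; accounts that have bound recently are left out.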