Hi All,
My task at hand is to somehow record when a user last logged on to any of our systems, which all authenticate against OpenLDAP.
Now, I've browsed the mailing lists and some folks have suggested using the accesslog backend, and only have it log 'binds', and thus I can later look back at the log DB and see when folks logged in last.
While this seems to work, what concerns me is that it makes a log entry every time someone binds, so the log gets large fairly quickly, as well as loading the server a bit because of all the write activity to the log DB (we have a large network with lots and lots of binds all the time). I saw that the accesslog backend has a 'logpurge' directive, but indeed I would like to only purge log entries older than a year, so the log DB will still get quite large.
I was wondering if anyone knew a way to perhaps have it "log an entry, but only log it if there is not already a pre-existing entry not more than X days old" or something like that for the uid in question...? Or maybe even something such that it logs a new entry and automatically purges all other older entries that match the same uid?
Or even a better way?
Thanks for any thoughts/insight!
-erich
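
The "keep only the newest entry per uid" idea raised above can be approximated by post-processing the accesslog database outside slapd. This is an added example, not part of the original post or of OpenLDAP: the function name `last_binds`, the `cn=accesslog` suffix and the sample entries are assumptions, and the input is assumed to be an LDIF export with unfolded lines and plain (not base64) values. It reports the last successful bind per DN and lists the older log entries a cleanup job could delete.

```python
from datetime import datetime, timezone

# Constructed sample of an accesslog export (unfolded LDIF, plain values); not real data.
SAMPLE_LDIF = """\
dn: reqStart=20240105081500.000001Z,cn=accesslog
reqStart: 20240105081500.000001Z
reqType: bind
reqResult: 0
reqDN: uid=alice,ou=people,dc=example,dc=com

dn: reqStart=20240210093000.000001Z,cn=accesslog
reqStart: 20240210093000.000001Z
reqType: bind
reqResult: 0
reqDN: uid=bob,ou=people,dc=example,dc=com

dn: reqStart=20240301120000.000002Z,cn=accesslog
reqStart: 20240301120000.000002Z
reqType: bind
reqResult: 0
reqDN: uid=alice,ou=people,dc=example,dc=com

dn: reqStart=20240302070000.000001Z,cn=accesslog
reqStart: 20240302070000.000001Z
reqType: bind
reqResult: 49
reqDN: uid=alice,ou=people,dc=example,dc=com
"""

def last_binds(ldif):
    """Return ({bind DN: time of last successful bind}, [superseded log entry DNs])."""
    newest, stale = {}, []  # newest maps bind DN -> (reqStart, log entry DN)
    for block in ldif.strip().split("\n\n"):
        e = dict(line.split(": ", 1) for line in block.splitlines() if ": " in line)
        if e.get("reqType") != "bind" or e.get("reqResult") != "0" or not e.get("reqDN"):
            continue  # not a bind, a failed bind (reqResult != 0) or an anonymous bind
        who, cur = e["reqDN"].lower(), (e["reqStart"], e["dn"])
        old = newest.get(who)
        if old is None or cur > old:  # fixed-width timestamps sort as strings
            newest[who], cur = cur, old  # keep the newer entry, retire the older one
        if cur is not None:
            stale.append(cur[1])
    fmt = "%Y%m%d%H%M%S.%fZ"
    last = {who: datetime.strptime(ts, fmt).replace(tzinfo=timezone.utc)
            for who, (ts, _) in newest.items()}
    return last, stale

if __name__ == "__main__":
    print(last_binds(SAMPLE_LDIF))
```

The failed bind (reqResult 49) in the sample neither updates the last-login time nor appears in the superseded list, so it stays available for review.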