Hello,
We use OpenLDAP 2.3.27 as a user directory for our application. Now I need to keep track of directory user bind activities. More precisely I need to be able to get timestamp of last bind attempt for particular entry.
Is such a thing possible in OpenLDAP? Does it record bind attempts somehow?
My personal solution options are the following: 1) create attribute for last bind timestamp and fill it programmatically from the application 2) use slapo-accesslog(5) overlay, since there is a possibility to log bind operations in separate database
But maybe nevertheless there is some already existing entry attribute with such a timestamp?
Thanks in advance! Alina.
Alina Dubrovska wrote:
Hello,
We use OpenLDAP 2.3.27 as a user directory for our application. Now I need to keep track of directory user bind activities. More precisely I need to be able to get timestamp of last bind attempt for particular entry.
Is such a thing possible in OpenLDAP? Does it record bind attempts somehow?
If you use the ppolicy overlay it can record failed Bind attempts. But the record is erased after a successful Bind.
My personal solution options are the following:
- create attribute for last bind timestamp and fill it programmatically
from the application 2) use slapo-accesslog(5) overlay, since there is a possibility to log bind operations in separate database
Option 2 seems like your best bet.
But maybe nevertheless there is some already existing entry attribute with such a timestamp?
No.
Thanks in advance! Alina.
openldap-software@openldap.org
-
Alina Dubrovska -
Howard Chu