Hi All,
My task at hand is to somehow record when a user last logged on to any of our systems, which all authenticate against OpenLDAP.
Now, I've browsed the mailing lists and some folks have suggested using the accesslog backend, and only have it log 'binds', and thus I can later look back at the log DB and see when folks logged in last.
While this seems to work, what concerns me is that it makes a log entry every time someone binds, so the log gets large fairly quickly, as well as load the server a bit because of all the write activity to the log DB (we have a large network with lots and lots of binds all the time). I saw that the accesslog backend has a 'logpurge' directive, but indeed I would like to only purge log entries older than a year, so the log DB will still get quite large.
I was wondering if anyone knew a way to perhaps have it "log an entry, but only log it if there is already not a pre-existing entry of not more than X days old" or something like that for the uid in question...? Or maybe even something such that it logs a new entry and automatically purges all other older entries that match the same uid?
Or even a better way?
Thanks for any thoughts/insight!
-erich
On 07/04/2010 01:02, Erich Weiler wrote:
Hi All,
My task at hand is to somehow record when a user last logged on to any of our systems, which all authenticate against OpenLDAP.
Now, I've browsed the mailing lists and some folks have suggested using the accesslog backend, and only have it log 'binds', and thus I can later look back at the log DB and see when folks logged in last.
While this seems to work, what concerns me is that it makes a log entry every time someone binds, so the log gets large fairly quickly, as well as load the server a bit because of all the write activity to the log DB (we have a large network with lots and lots of binds all the time). I saw that the accesslog backend has a 'logpurge' directive, but indeed I would like to only purge log entries older than a year, so the log DB will still get quite large.
I was wondering if anyone knew a way to perhaps have it "log an entry, but only log it if there is already not a pre-existing entry of not more than X days old" or something like that for the uid in question...? Or maybe even something such that it logs a new entry and automatically purges all other older entries that match the same uid?
Or even a better way?
Thanks for any thoughts/insight!
Hi,
I had the exact same requirement, and wrote an overlay to do this. It stores the time of last successful bind in an attribute in the user's entry.
It can be configured to only update this attribute if the last value is older than a given time, to avoid excessive writes if all you need to know is "has this user logged on this month?".
You can find it here: http://www.openldap.org/its/?findid=6238
Hope this helps, Jonathan
I had the exact same requirement, and wrote an overlay to do this. It stores the time of last successful bind in an attribute in the user's entry.
Wow, that looks like it's _exactly_ what I need. Lemme roll it out in a test environment and I'll ping you back on how much I like it. ;)
openldap-software@openldap.org
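An added example, not from this thread and not the overlay's code: it reduces bind records exported from an accesslog database to a last-logon time per bind DN, and simulates how many writes the "only update if the stored value is older than X" idea described above would perform. It assumes the accesslog schema attributes reqStart, reqType, reqDN and reqResult on auditBind entries; the LDIF sample, users and times are constructed.

```python
from datetime import datetime, timedelta, timezone

def _entry(ts, uid, result):
    """Build one constructed auditBind record in LDIF form."""
    return (f"dn: reqStart={ts},cn=accesslog\nobjectClass: auditBind\n"
            f"reqStart: {ts}\nreqType: bind\n"
            f"reqDN: uid={uid},ou=people,dc=example,dc=com\nreqResult: {result}\n")

# Constructed sample data (made-up users and times); 49 = invalidCredentials.
SAMPLE_LDIF = "\n".join([
    _entry("20100401080000.000001Z", "alice", 0),
    _entry("20100401120000.000002Z", "alice", 0),
    _entry("20100402090000.000003Z", "bob", 0),
    _entry("20100405090000.000004Z", "alice", 0),
    _entry("20100406090000.000005Z", "alice", 49),
])

def successful_binds(ldif):
    """Return (time, bind DN) for each successful bind, oldest first.
    Assumes unfolded, non-base64 LDIF values."""
    binds = []
    for block in ldif.strip().split("\n\n"):
        attrs = dict(line.split(": ", 1) for line in block.splitlines() if ": " in line)
        if attrs.get("reqType") == "bind" and attrs.get("reqResult") == "0":
            when = datetime.strptime(attrs["reqStart"], "%Y%m%d%H%M%S.%fZ")
            binds.append((when.replace(tzinfo=timezone.utc), attrs["reqDN"]))
    return sorted(binds)

def last_logon(binds):
    """Map each bind DN to the time of its most recent successful bind."""
    latest = {}
    for when, dn in binds:          # sorted, so later entries overwrite earlier
        latest[dn] = when
    return latest

def throttled_writes(binds, min_age):
    """Count writes if a stored timestamp is refreshed only when it is
    older than min_age (simulation of the idea, not the overlay's code)."""
    stored, writes = {}, 0
    for when, dn in binds:
        if dn not in stored or when - stored[dn] >= min_age:
            stored[dn] = when
            writes += 1
    return writes

if __name__ == "__main__":
    binds = successful_binds(SAMPLE_LDIF)
    for dn, when in last_logon(binds).items():
        print(dn, when.isoformat())
    print(throttled_writes(binds, timedelta(days=1)), "writes for", len(binds), "binds")
```

The failed bind (reqResult 49) is excluded, so it never counts as a logon.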