I'm trying to configure a means to be able to get the lastlogin time for users in my environment. However, since I'm stuck using the RHEL version of OpenLDAP I can't take advantage of the "lastbind overlay"
Here's my config.
overlay accesslog
logdb cn=accesslog
logops bind
logsuccess TRUE
# scan the accesslog DB every day, and purge entries older than 90 days
logpurge 90+00:00 01+00:00
The accesslog DB is populated and I can query for BIND operations, however the only BIND operations that get recorded are BINDS to the LDAP server itself. BINDS to clients do not get recorded in the accesslog. Is this the advertised behavior of the accesslog?
-Mike