Lastbind functionality integrated partially? Nice! Where can I find
documentation about it or a description on how to extract data for each user?
See the slapd.conf(5) man page.
Ok I have found it, make it enabled and I can't find information where this attribute is shown. I searched through this man page and through the latest Admin guide but nothing points me in the direction of this attribute location. I can see that it is loaded with schema but no object class is using it.
So I must be doing something wrong or I do not understand this mechanism.
Also, in latest 2.5.7* olcLastBindPrecision* is not among list of possible attributes for mdb. I Have searched for it also but only olcLastBind is inherited from olcDatabaseConfig.
*olcLastBind: TRUE | FALSE* Controls whether *slapd *will automatically maintain the pwdLastSuccess attribute for entries. By default, olcLastBind is FALSE.
*olcLastBindPrecision: <number>* If olcLastBind is enabled, a new value is written only if the current one is more than *number *seconds in the past.
Saša
Ok I have found it, make it enabled and I can't find information where this attribute is shown. I searched through this man page and through the latest Admin guide but nothing points me in the direction of this attribute location. I can see that it is loaded with schema but no object class is using it.
So I must be doing something wrong or I do not understand this mechanism.
Also, in latest 2.5.7* olcLastBindPrecision* is not among list of possible attributes for mdb. I Have searched for it also but only olcLastBind is inherited from olcDatabaseConfig.
*olcLastBind: TRUE | FALSE* Controls whether *slapd *will automatically maintain the pwdLastSuccess attribute for entries. By default, olcLastBind is FALSE. *olcLastBindPrecision: <number>* If olcLastBind is enabled, a new value is written only if the current one is more than *number *seconds in the past.Saša
To answer my own question (shame on me)
ldapsearch -h x.y.z.a -D "myUsername" -w abcdefg -b "myDN" -s sub '(objectClass=*)' '*' '+'
-------------------------------------- createTimestamp: 20210901080923Z pwdLastSuccess: 20210921103410Z entryCSN: 20210921103410.601925Z#000000#000#000000 -------------------------------
But part of not finding *olcLastBindPrecision* still stands.
Saša
On Tue, Sep 21, 2021 at 02:23:35PM +0200, Saša-Stjepan Bakša wrote:
Also, in latest 2.5.7* olcLastBindPrecision* is not among list of possible attributes for mdb. I Have searched for it also but only olcLastBind is inherited from olcDatabaseConfig.
*olcLastBindPrecision: <number>* If olcLastBind is enabled, a new value is written only if the current one is more than *number *seconds in the past.But part of not finding *olcLastBindPrecision* still stands.
This functionality is only implemented in the upcoming 2.6 release, it's not available in 2.5. If you have relied on this in your existing environment, you will need to keep using the lastbind overlay until then.
Regards,
On Tue, 21 Sept 2021 at 16:47, Ondřej Kuzník ondra@mistotebe.net wrote:
On Tue, Sep 21, 2021 at 02:23:35PM +0200, Saša-Stjepan Bakša wrote:
Also, in latest 2.5.7* olcLastBindPrecision* is not among list of possible attributes for mdb. I Have searched for it also but only olcLastBind is inherited from olcDatabaseConfig.
*olcLastBindPrecision: <number>* If olcLastBind is enabled, a new value is written only if the current one is more than *number *seconds in the past.But part of not finding *olcLastBindPrecision* still stands.
This functionality is only implemented in the upcoming 2.6 release, it's not available in 2.5. If you have relied on this in your existing environment, you will need to keep using the lastbind overlay until then.
Regards,
--
Hi Ondřej
No, I do not rely on it synce I am using lastbind feature for the first time and Qunah pointed me to the fact that it is partially included in 2.5.7
As for olcLastBindPrecision, I can see now why I have this feature found as something that is already included.
https://man7.org/linux/man-pages/man5/slapd-config.5.html is different from https://www.openldap.org/software/man.cgi?query=slapd.conf&apropos=0&... but it was the first thing shown in my google search for last bind in slapd.conf and I didn't bother to search further at that time.
Thank you for your information (and great work to :-) )
Best regards,
Saša
openldap-technical@openldap.org
-
Ondřej Kuzník -
Saša-Stjepan Bakša