Hello there Does any versions of openldap schema support the last logon attribute? I am asked to add that attribute to run a report through a application? I don't know if simply addding that attribute on the local schema configuration(openldap 2.4.30) would do it.Is it possible? Thanks
John
2012/11/5 jeevan kc jeev_biz@hotmail.com
Hello there Does any versions of openldap schema support the last logon attribute? I am asked to add that attribute to run a report through a application? I don't know if simply addding that attribute on the local schema configuration(openldap 2.4.30) would do it.Is it possible? Thanks
You should check the contrib overlay called lastbind. It manages the last logon timestamp in a specific attribute.
Clément.
Thanks for the reply. I checked the lastbind overlay and this is what it looks like dn: olcOverlay={3}lastbind objectClass: olcLastBindConfig objectClass: olcOverlayConfig objectClass: olcConfig objectClass: top olcOverlay: {3}lastbind olcLastBindPrecision: 43200 structuralObjectClass: olcLastBindConfig entryUUID: 49566798-83c5-1030-9ef2-bd84df7cdeb5 creatorsName: cn=manager createTimestamp: 20111005174331Z entryCSN: 20111005174359.791663Z#000000#000#000000 modifiersName: cn=manager modifyTimestamp: 20111005174359Z So, how do I look for the lastlogon attribute? Your help is much appreciated
Jeevan
Date: Mon, 5 Nov 2012 17:52:06 +0100 Subject: Re: Lastlogon attribute From: clem.oudot@gmail.com To: jeev_biz@hotmail.com CC: openldap-technical@openldap.org
2012/11/5 jeevan kc jeev_biz@hotmail.com
Hello there Does any versions of openldap schema support the last logon attribute? I am asked to add that attribute to run a report through a application? I don't know if simply addding that attribute on the local schema configuration(openldap 2.4.30) would do it.Is it possible? Thanks
You should check the contrib overlay called lastbind. It manages the last logon timestamp in a specific attribute.
Clément.
2012/11/5 jeevan kc jeev_biz@hotmail.com
Thanks for the reply. I checked the lastbind overlay and this is what it looks like dn: olcOverlay={3}lastbind objectClass: olcLastBindConfig objectClass: olcOverlayConfig objectClass: olcConfig objectClass: top olcOverlay: {3}lastbind olcLastBindPrecision: 43200 structuralObjectClass: olcLastBindConfig entryUUID: 49566798-83c5-1030-9ef2-bd84df7cdeb5 creatorsName: cn=manager createTimestamp: 20111005174331Z entryCSN: 20111005174359.791663Z#000000#000#000000 modifiersName: cn=manager modifyTimestamp: 20111005174359Z So, how do I look for the lastlogon attribute? Your help is much appreciated
The overlay will write the timestamp in authtimestamp operational attribute in the user entry.
I wrote an article on this but it's in French: http://coudot.blogs.linagora.com/index.php/post/2012/06/12/M%C3%A9moriser-la...
Maybe an online translation can help you.
Clément.
Clement, I did the online translation. That was a nicely written article and very helpful. Thank you again for your help.
Jeevan
Date: Mon, 5 Nov 2012 21:41:30 +0100 Subject: Re: Lastlogon attribute From: clem.oudot@gmail.com To: jeev_biz@hotmail.com CC: openldap-technical@openldap.org
2012/11/5 jeevan kc jeev_biz@hotmail.com
Thanks for the reply. I checked the lastbind overlay and this is what it looks like dn: olcOverlay={3}lastbind objectClass: olcLastBindConfig objectClass: olcOverlayConfig objectClass: olcConfig objectClass: top olcOverlay: {3}lastbind olcLastBindPrecision: 43200 structuralObjectClass: olcLastBindConfig entryUUID: 49566798-83c5-1030-9ef2-bd84df7cdeb5 creatorsName: cn=manager createTimestamp: 20111005174331Z entryCSN: 20111005174359.791663Z#000000#000#000000 modifiersName: cn=manager modifyTimestamp: 20111005174359Z So, how do I look for the lastlogon attribute? Your help is much appreciated
The overlay will write the timestamp in authtimestamp operational attribute in the user entry.
I wrote an article on this but it's in French: http://coudot.blogs.linagora.com/index.php/post/2012/06/12/M%C3%A9moriser-la...
Maybe an online translation can help you.
Clément.
Hello now I have a question. Is there any way that we can add the authtimestamp attribute to all users using ldapadd so that it becomes visible while running the ldapsearch query? Thanks
Date: Mon, 5 Nov 2012 21:41:30 +0100 Subject: Re: Lastlogon attribute From: clem.oudot@gmail.com To: jeev_biz@hotmail.com CC: openldap-technical@openldap.org
2012/11/5 jeevan kc jeev_biz@hotmail.com
Thanks for the reply. I checked the lastbind overlay and this is what it looks like dn: olcOverlay={3}lastbind objectClass: olcLastBindConfig objectClass: olcOverlayConfig objectClass: olcConfig objectClass: top olcOverlay: {3}lastbind olcLastBindPrecision: 43200 structuralObjectClass: olcLastBindConfig entryUUID: 49566798-83c5-1030-9ef2-bd84df7cdeb5 creatorsName: cn=manager createTimestamp: 20111005174331Z entryCSN: 20111005174359.791663Z#000000#000#000000 modifiersName: cn=manager modifyTimestamp: 20111005174359Z So, how do I look for the lastlogon attribute? Your help is much appreciated
The overlay will write the timestamp in authtimestamp operational attribute in the user entry.
I wrote an article on this but it's in French: http://coudot.blogs.linagora.com/index.php/post/2012/06/12/M%C3%A9moriser-la...
Maybe an online translation can help you.
Clément.
2012/11/6 jeevan kc jeev_biz@hotmail.com
Hello now I have a question. Is there any way that we can add the authtimestamp attribute to all users using ldapadd so that it becomes visible while running the ldapsearch query? Thanks
If you use the lastbind overlay, the attribute is visible after the first authentication of the user. As it is an operationnal attribute, you need to use '+' or its name in the attribute list of the search to see it. For example :
ldapsearch -b dc=example,dc=com '(objectClass=person)' authtimestamp
If you want to create or modify this value, you need to use the 'relax' control.
Clément.
One of the application developer is asking me for the attribute that holds the last logon timestamp so that he could run a report. Since it is an operational attribute would he able to retrieve it for his application? Thank you so much.
On Nov 6, 2012, at 12:20 PM, "Clément OUDOT" clem.oudot@gmail.com wrote:
2012/11/6 jeevan kc jeev_biz@hotmail.com
Hello now I have a question. Is there any way that we can add the authtimestamp attribute to all users using ldapadd so that it becomes visible while running the ldapsearch query? Thanks
If you use the lastbind overlay, the attribute is visible after the first authentication of the user. As it is an operationnal attribute, you need to use '+' or its name in the attribute list of the search to see it. For example :
ldapsearch -b dc=example,dc=com '(objectClass=person)' authtimestamp
If you want to create or modify this value, you need to use the 'relax' control.
Clément.
2012/11/6 jeevan kc jeev_biz@hotmail.com
One of the application developer is asking me for the attribute that holds the last logon timestamp so that he could run a report. Since it is an operational attribute would he able to retrieve it for his application? Thank you so much.
Yes no problem.
Clément.
Hello I have one more question. The authtimestamp attribute doesnt work for all users. When I do the ldapsearch with uid filter including the authtimestamp attribute it shows the last logon date for some users and for some it doesn't. Pelase can you throw some light on this?
Date: Wed, 7 Nov 2012 00:13:28 +0100 Subject: Re: Lastlogon attribute From: clem.oudot@gmail.com To: jeev_biz@hotmail.com CC: openldap-technical@openldap.org
2012/11/6 jeevan kc jeev_biz@hotmail.com
One of the application developer is asking me for the attribute that holds the last logon timestamp so that he could run a report. Since it is an operational attribute would he able to retrieve it for his application? Thank you so much.
Yes no problem.
Clément.
2012/11/8 jeevan kc jeev_biz@hotmail.com
Hello I have one more question. The authtimestamp attribute doesnt work for all users. When I do the ldapsearch with uid filter including the authtimestamp attribute it shows the last logon date for some users and for some it doesn't. Pelase can you throw some light on this?
The attribute is created after the first BIND. Maybe some of your users did not authenticate since you enabled the overlay.
Clément.
Clement, Thank you for all you help so far. Sorry for being a pain but I see that that the timestamp on the master server and the slave servers are different for some users. Is this like some catch for the overlay or is it a issue that can be fixed? Thanks a lot
Date: Fri, 9 Nov 2012 09:47:56 +0100 Subject: Re: Lastlogon attribute From: clem.oudot@gmail.com To: jeev_biz@hotmail.com CC: openldap-technical@openldap.org
2012/11/8 jeevan kc jeev_biz@hotmail.com
Hello I have one more question. The authtimestamp attribute doesnt work for all users. When I do the ldapsearch with uid filter including the authtimestamp attribute it shows the last logon date for some users and for some it doesn't. Pelase can you throw some light on this?
The attribute is created after the first BIND. Maybe some of your users did not authenticate since you enabled the overlay.
Clément.
2012/11/9 jeevan kc jeev_biz@hotmail.com
Clement, Thank you for all you help so far. Sorry for being a pain but I see that that the timestamp on the master server and the slave servers are different for some users. Is this like some catch for the overlay or is it a issue that can be fixed? Thanks a lot
I think this attribute is local, in order to know where was done the last authentication (master or slave). This attribute is not replicated.
And also I checked the crontib overlay. Yay it does mention the attribute that holds the lastlogon information. So do I have to add the attribute to local schema or does it just work from the crontib . Thank You
Date: Mon, 5 Nov 2012 17:52:06 +0100 Subject: Re: Lastlogon attribute From: clem.oudot@gmail.com To: jeev_biz@hotmail.com CC: openldap-technical@openldap.org
2012/11/5 jeevan kc jeev_biz@hotmail.com
Hello there Does any versions of openldap schema support the last logon attribute? I am asked to add that attribute to run a report through a application? I don't know if simply addding that attribute on the local schema configuration(openldap 2.4.30) would do it.Is it possible? Thanks
You should check the contrib overlay called lastbind. It manages the last logon timestamp in a specific attribute.
Clément.
openldap-technical@openldap.org
-
Clément OUDOT -
jeevan kc