Man page - slapo-lastbind(5)
Packages contains this manual
- slapo-remoteauth(5)
- slappw-argon2(5)
- slapadd(8)
- slapo-collect(5)
- slapd-dnssrv(5)
- slapo-retcode(5)
- slapo-dds(5)
- slapd-meta(5)
- slapd.plugin(5)
- slappasswd(8)
- slapo-translucent(5)
- slapo-syncprov(5)
- slapd-null(5)
- slapd-config(5)
- slapo-nestgroup(5)
- slapindex(8)
- slapo-otp(5)
- slapo-rwm(5)
- slapo-dynlist(5)
- slapd-ldap(5)
- slapd.backends(5)
- slapschema(8)
- slapo-autogroup(5)
- slapacl(8)
- slapo-accesslog(5)
- slapauth(8)
- slapd-relay(5)
- slapo-constraint(5)
- slapdn(8)
- slapd.access(5)
- slapo-lastbind(5)
- slapd-sql(5)
- slapo-sssvlv(5)
- slapd(8)
- slapd-sock(5)
- slapd-mdb(5)
- slapo-ppolicy(5)
- slapd-passwd(5)
- slapd.overlays(5)
- slapo-deref(5)
- slapo-chain(5)
- slapd-ldif(5)
- slapo-pbind(5)
- slaptest(8)
- slapo-memberof(5)
- slapo-auditlog(5)
- slapd-asyncmeta(5)
- slapo-homedir(5)
- slapo-pcache(5)
- slapd-monitor(5)
- slapd.conf(5)
- slapo-dyngroup(5)
- slapd-perl(5)
- slapcat(8)
- slapmodify(8)
- slapo-unique(5)
- slapo-valsort(5)
- slapo-refint(5)
- slapo-sock(5)
apt-get install slapd
Manual
SLAPO-LASTBIND
NAMESYNOPSIS
DESCRIPTION
CONFIGURATION
EXAMPLE
FILES
SEE ALSO
ACKNOWLEDGEMENTS
NAME
slapo-lastbind - lastbind overlay to slapd
SYNOPSIS
ETCDIR/slapd.conf
DESCRIPTION
The lastbind overlay to slapd (8) allows recording the timestamp of the last successful bind to entries in the directory, in the authTimestamp attribute. The overlay can be configured to update this timestamp only if it is older than a given value, thus avoiding large numbers of write operations penalizing performance. One sample use for this overlay would be to detect unused accounts.
Now that OpenLDAP has native support for most of this functionality, storing the value in pwdLastSuccess to better interact with the Behera Password Policy draft 10. Unless you require lastbind_forward_updates, you should consider using that instead.
CONFIGURATION
The config
directives that are specific to the
lastbind
overlay
must be prefixed by
lastbind-
, to avoid potential
conflicts with directives specific to the underlying
database or to other stacked overlays.
overlay lastbind
This directive adds the lastbind overlay to the current database, see slapd.conf (5) for details.
This
slapd.conf
configuration option is defined for the
lastbind overlay. It must appear after the
overlay
directive:
lastbind-precision <seconds>
The value <seconds> is the number of seconds after which to update the authTimestamp attribute in an entry. If the existing value of authTimestamp is less than <seconds> old, it will not be changed. If this configuration option is omitted, the authTimestamp attribute is updated on each successful bind operation.
lastbind_forward_updates
Specify that updates of the authTimestamp attribute on a consumer should be forwarded to a provider instead of being written directly into the consumerโs local database. This setting is only useful on a replication consumer, and also requires the updateref setting and chain overlay to be appropriately configured.
EXAMPLE
This example configures the lastbind overlay to store authTimestamp in all entries in a database, with a 1 week precision. Add the following to slapd.conf (5):
database
<database>
# ...
overlay lastbind
lastbind-precision 604800
slapd must also load lastbind.la, if compiled as a run-time module;
FILES
ETCDIR/slapd.conf
default slapd configuration file
SEE ALSO
slapd.conf (5), slapd (8).
IETF LDAP password policy proposal by P. Behera, L. Poitou and J. Sermersheim: documented in IETF document "draft-behera-ldap-password-policy-10.txt".
The slapo-lastbind (5) overlay supports dynamic configuration via back-config.
ACKNOWLEDGEMENTS
This module was written in 2009 by Jonathan Clarke. It is loosely derived from the password policy overlay.