Provided by: slapd_2.6.7+dfsg-1~exp1ubuntu8.2_amd64 bug

NAME
       slapo-lastbind - lastbind overlay to slapd


SYNOPSIS
       ETCDIR/slapd.conf


DESCRIPTION
       The lastbind overlay to slapd(8) allows recording the timestamp of the last successful bind to entries in
       the directory, in the authTimestamp attribute.  The overlay can be configured to  update  this  timestamp
       only  if  it  is  older  than  a  given value, thus avoiding large numbers of write operations penalizing
       performance.  One sample use for this overlay would be to detect unused accounts.

       Now that OpenLDAP has native support for most of this functionality, storing the value in  pwdLastSuccess
       to better interact with the Behera Password Policy draft 10. Unless you require lastbind_forward_updates,
       you should consider using that instead.


CONFIGURATION
       The config directives that are specific to the lastbind overlay must be prefixed by lastbind-,  to  avoid
       potential conflicts with directives specific to the underlying database or to other stacked overlays.

       overlay lastbind
              This directive adds the lastbind overlay to the current database, see slapd.conf(5) for details.

       This  slapd.conf  configuration  option  is  defined  for  the lastbind overlay. It must appear after the
       overlay directive:

       lastbind-precision <seconds>
              The value <seconds> is the number of seconds after which to update the authTimestamp attribute  in
              an  entry.  If  the  existing  value  of  authTimestamp is less than <seconds> old, it will not be
              changed.  If this configuration option is omitted, the authTimestamp attribute is updated on  each
              successful bind operation.

       lastbind_forward_updates
              Specify  that  updates  of  the  authTimestamp  attribute  on  a consumer should be forwarded to a
              provider instead of being written directly into the consumer's local  database.  This  setting  is
              only  useful  on a replication consumer, and also requires the updateref setting and chain overlay
              to be appropriately configured.


EXAMPLE
       This example configures the lastbind overlay to store authTimestamp in all entries in a database, with  a
       1 week precision.  Add the following to slapd.conf(5):

           database <database>
           # ...

           overlay lastbind
           lastbind-precision 604800

       slapd must also load lastbind.la, if compiled as a run-time module;


FILES
       ETCDIR/slapd.conf
              default slapd configuration file


SEE ALSO
       slapd.conf(5), slapd(8).

       IETF  LDAP  password  policy  proposal  by P. Behera, L.  Poitou and J.  Sermersheim:  documented in IETF
       document "draft-behera-ldap-password-policy-10.txt".

       The slapo-lastbind(5) overlay supports dynamic configuration via back-config.


ACKNOWLEDGEMENTS
       This module was written in 2009 by Jonathan Clarke. It  is  loosely  derived  from  the  password  policy
       overlay.