Provided by: slapd_2.6.8+dfsg-1~exp4ubuntu3_amd64 bug

NAME

       slapo-lastbind - lastbind overlay to slapd

SYNOPSIS

       ETCDIR/slapd.conf

DESCRIPTION

       The  lastbind  overlay  to  slapd(8) allows recording the timestamp of the last successful
       bind to entries in the directory, in the authTimestamp  attribute.   The  overlay  can  be
       configured  to update this timestamp only if it is older than a given value, thus avoiding
       large numbers of write operations penalizing performance.  One sample use for this overlay
       would be to detect unused accounts.

       Now  that OpenLDAP has native support for most of this functionality, storing the value in
       pwdLastSuccess to better interact with the Behera Password Policy  draft  10.  Unless  you
       require lastbind_forward_updates, you should consider using that instead.

CONFIGURATION

       The  config  directives  that  are  specific  to  the lastbind overlay must be prefixed by
       lastbind-, to avoid  potential  conflicts  with  directives  specific  to  the  underlying
       database or to other stacked overlays.

       overlay lastbind
              This directive adds the lastbind overlay to the current database, see slapd.conf(5)
              for details.

       This slapd.conf configuration option is defined for the lastbind overlay. It  must  appear
       after the overlay directive:

       lastbind-precision <seconds>
              The   value  <seconds>  is  the  number  of  seconds  after  which  to  update  the
              authTimestamp attribute in an entry. If the existing value of authTimestamp is less
              than  <seconds>  old,  it  will  not  be  changed.  If this configuration option is
              omitted, the authTimestamp attribute is updated on each successful bind operation.

       lastbind_forward_updates
              Specify that updates of  the  authTimestamp  attribute  on  a  consumer  should  be
              forwarded to a provider instead of being written directly into the consumer's local
              database. This setting is only useful on a replication consumer, and also  requires
              the updateref setting and chain overlay to be appropriately configured.

EXAMPLE

       This  example  configures  the lastbind overlay to store authTimestamp in all entries in a
       database, with a 1 week precision.  Add the following to slapd.conf(5):

           database <database>
           # ...

           overlay lastbind
           lastbind-precision 604800

       slapd must also load lastbind.la, if compiled as a run-time module;

FILES

       ETCDIR/slapd.conf
              default slapd configuration file

SEE ALSO

       slapd.conf(5), slapd(8).

       IETF LDAP password  policy  proposal  by  P.  Behera,  L.   Poitou  and  J.   Sermersheim:
       documented in IETF document "draft-behera-ldap-password-policy-10.txt".

       The slapo-lastbind(5) overlay supports dynamic configuration via back-config.

ACKNOWLEDGEMENTS

       This  module  was  written  in  2009  by  Jonathan  Clarke. It is loosely derived from the
       password policy overlay.