Provided by: slapd_2.4.42+dfsg-2ubuntu3.13_amd64 bug


       slapo-lastbind - lastbind overlay to slapd




       The  lastbind  overlay  to  slapd(8) allows recording the timestamp of the last successful
       bind to entries in the directory, in the authTimestamp  attribute.   The  overlay  can  be
       configured  to update this timestamp only if it is older than a given value, thus avoiding
       large numbers of write operations penalizing performance.  One sample use for this overlay
       would be to detect unused accounts.


       The  config  directives  that  are  specific  to  the lastbind overlay must be prefixed by
       lastbind-, to avoid  potential  conflicts  with  directives  specific  to  the  underlying
       database or to other stacked overlays.

       overlay lastbind
              This directive adds the lastbind overlay to the current database, see slapd.conf(5)
              for details.

       This slapd.conf configuration option is defined for the lastbind overlay. It  must  appear
       after the overlay directive:

       lastbind-precision <seconds>
              The   value  <seconds>  is  the  number  of  seconds  after  which  to  update  the
              authTimestamp attribute in an entry. If the existing value of authTimestamp is less
              than  <seconds>  old,  it  will  not  be  changed.  If this configuration option is
              omitted, the authTimestamp attribute is updated on each successful bind operation.


       This example configures the lastbind overlay to store authTimestamp in all  entries  in  a
       database, with a 1 week precision.  Add the following to slapd.conf(5):

           database <database>
           # ...

           overlay lastbind
           lastbind-precision 604800

       slapd must also load, if compiled as a run-time module;


              default slapd configuration file


       slapd.conf(5), slapd(8).  The slapo-lastbind(5) overlay supports dynamic configuration via


       This module was written in 2009 by  Jonathan  Clarke.  It  is  loosely  derived  from  the
       password policy overlay.