Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help 
SLAPO-LASTBIND(5)	      File Formats Manual	     SLAPO-LASTBIND(5)

NAME
       slapo-lastbind -	lastbind overlay to slapd

SYNOPSIS
       ETCDIR/slapd.conf

DESCRIPTION
       The  lastbind overlay to	slapd(8) allows	recording the timestamp	of the
       last successful bind to entries in the directory, in the	 authTimestamp
       attribute.  The overlay can be configured to update this	timestamp only
       if it is	older than a given value, thus avoiding	large numbers of write
       operations  penalizing  performance.   One  sample use for this overlay
       would be	to detect unused accounts.

       Now that	OpenLDAP has native support for	most  of  this	functionality,
       you  should  consider storing the value in pwdLastSuccess to better in-
       teract with the Behera Password Policy draft 10.

CONFIGURATION
       The config directives that are specific to the lastbind overlay must be
       prefixed	by lastbind-, to avoid	potential  conflicts  with  directives
       specific	to the underlying database or to other stacked overlays.

       overlay lastbind
	      This  directive  adds  the lastbind overlay to the current data-
	      base, see	slapd.conf(5) for details.

       This slapd.conf configuration option is defined for the lastbind	 over-
       lay. It must appear after the overlay directive:

       lastbind-precision <seconds>
	      The  value <seconds> is the number of seconds after which	to up-
	      date the authTimestamp attribute in an entry.  If	 the  existing
	      value  of	 authTimestamp is less than <seconds> old, it will not
	      be changed.  If this configuration option	is omitted, the	 auth-
	      Timestamp	 attribute  is	updated	on each	successful bind	opera-
	      tion.

       lastbind_forward_updates
	      Specify that updates of the authTimestamp	attribute  on  a  con-
	      sumer should be forwarded	to a provider instead of being written
	      directly	into  the  consumer's  local database. This setting is
	      only useful on a replication consumer, and also requires the up-
	      dateref setting and chain	overlay	to  be	appropriately  config-
	      ured.

EXAMPLE
       This  example configures	the lastbind overlay to	store authTimestamp in
       all entries in a	database, with a 1 week	precision.  Add	the  following
       to slapd.conf(5):

	   database <database>
	   # ...

	   overlay lastbind
	   lastbind-precision 604800

       slapd must also load lastbind.la, if compiled as	a run-time module;

FILES
       ETCDIR/slapd.conf
	      default slapd configuration file

SEE ALSO
       slapd.conf(5), slapd(8).

       IETF  LDAP  password  policy  proposal  by P. Behera, L.	 Poitou	and J.
       Sermersheim:  documented	in IETF	document  "draft-behera-ldap-password-
       policy-10.txt".

       The  slapo-lastbind(5) overlay supports dynamic configuration via back-
       config.

ACKNOWLEDGEMENTS
       This module was written in 2009 by Jonathan Clarke. It is  loosely  de-
       rived from the password policy overlay.

OpenLDAP LDVERSION		  RELEASEDATE		     SLAPO-LASTBIND(5)

Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=slapo-lastbind&sektion=5&manpath=FreeBSD+Ports+15.1.quarterly>

home | help