SLAPO-LASTBIND(5)	      File Formats Manual	     SLAPO-LASTBIND(5)

NAME
       slapo-lastbind - lastbind overlay to slapd

SYNOPSIS
       ETCDIR/slapd.conf

DESCRIPTION
       The lastbind overlay to slapd(8) allows recording the timestamp of the
       last successful bind to entries in the directory, in the authTimestamp
       attribute. The overlay can be configured to update this timestamp only
       if it is older than a given value, thus avoiding large numbers of write
       operations penalizing performance. One sample use for this overlay
       would be to detect unused accounts.

       OpenLDAP now has native support for most of this functionality,
       storing the value in pwdLastSuccess to better interact with the Behera
       Password Policy draft 10. Unless you require lastbind_forward_updates,
       you should consider using that instead.

CONFIGURATION
       The config directives that are specific to the lastbind overlay must be
       prefixed by lastbind-, to avoid potential conflicts with directives
       specific to the underlying database or to other stacked overlays.

       overlay lastbind
              This directive adds the lastbind overlay to the current
              database; see slapd.conf(5) for details.

       These slapd.conf configuration options are defined for the lastbind
       overlay. They must appear after the overlay directive:

       lastbind-precision <seconds>
              The value <seconds> is the number of seconds after which to
              update the authTimestamp attribute in an entry. If the existing
              value of authTimestamp is less than <seconds> old, it will not
              be changed. If this configuration option is omitted, the
              authTimestamp attribute is updated on each successful bind
              operation.

       lastbind_forward_updates
              Specify that updates of the authTimestamp attribute on a
              consumer should be forwarded to a provider instead of being
              written directly into the consumer's local database. This
              setting is only useful on a replication consumer, and also
              requires the updateref setting and chain overlay to be
              appropriately configured.

EXAMPLE
       This example configures the lastbind overlay to store authTimestamp in
       all entries in a database, with a 1 week precision. Add the following
       to slapd.conf(5):

	   database <database>
	   # ...

	   overlay lastbind
	   lastbind-precision 604800

       slapd must also load lastbind.la, if compiled as a run-time module.
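
       The following is an added example, not part of the original manual
       page or of the OpenLDAP distribution. It applies the "detect unused
       accounts" use from DESCRIPTION to search output while allowing for
       the 1 week precision configured above. The DNs, dates and the 90 day
       idle limit are constructed, and authTimestamp values are assumed to be
       in generalized time form (YYYYMMDDHHMMSSZ).

```python
from datetime import datetime, timedelta, timezone

PRECISION = 604800  # lastbind-precision value from the EXAMPLE section (1 week)

# Constructed sample: search output for authTimestamp, one attribute per line,
# no LDIF line folding or base64 values (assumptions of this sketch).
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=com
authTimestamp: 20240610081500Z

dn: uid=bob,ou=people,dc=example,dc=com
authTimestamp: 20231201120000Z

dn: uid=carol,ou=people,dc=example,dc=com

dn: uid=dave,ou=people,dc=example,dc=com
authTimestamp: 20240312170000Z
"""

def parse_ldif(text):
    """Yield (dn, authTimestamp as aware datetime or None) for each entry."""
    for block in text.strip().split("\n\n"):
        attrs = dict(l.split(": ", 1) for l in block.splitlines() if ": " in l)
        stamp = attrs.get("authTimestamp")  # assumed form: YYYYMMDDHHMMSSZ
        when = (datetime.strptime(stamp, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)
                if stamp else None)
        yield attrs["dn"], when

def classify(text, now, max_idle_days, precision=PRECISION):
    """Map each DN to active / uncertain / unused / no-timestamp."""
    # A stored value T only proves the last bind fell in [T, T + precision):
    # binds inside that window do not rewrite the attribute.
    limit, slack = timedelta(days=max_idle_days), timedelta(seconds=precision)
    result = {}
    for dn, when in parse_ldif(text):
        if when is None:
            result[dn] = "no-timestamp"   # no bind recorded by the overlay
        elif now - when <= limit:
            result[dn] = "active"
        elif now - when <= limit + slack:
            result[dn] = "uncertain"      # may have bound up to `precision` later
        else:
            result[dn] = "unused"
    return result

if __name__ == "__main__":
    now = datetime(2024, 6, 15, tzinfo=timezone.utc)
    for dn, status in classify(SAMPLE_LDIF, now, max_idle_days=90).items():
        print(f"{status:13} {dn}")
```

       An entry reported as "uncertain" is older than the idle limit by less
       than the configured precision, so the stored value alone cannot show
       whether the account was used inside the limit.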

FILES
       ETCDIR/slapd.conf
	      default slapd configuration file

SEE ALSO
       slapd.conf(5), slapd(8).

       IETF LDAP password policy proposal by P. Behera, L. Poitou and J.
       Sermersheim: documented in IETF document
       "draft-behera-ldap-password-policy-10.txt".

       The slapo-lastbind(5) overlay supports dynamic configuration via
       back-config.

ACKNOWLEDGEMENTS
       This module was written in 2009 by Jonathan Clarke. It is loosely
       derived from the password policy overlay.

OpenLDAP LDVERSION		  RELEASEDATE		     SLAPO-LASTBIND(5)
