Commit 0403ca4f authored by Howard Chu's avatar Howard Chu

Allocate ConfigOID, use ISODE authTimestamp schema

parent 34347c66
......@@ -4,3 +4,4 @@ OLcfgCt{Oc|At}:1 smbk5pwd
OLcfgCt{Oc|At}:2 autogroup
OLcfgCt{Oc|At}:3 nssov
OLcfgCt{Oc|At}:4 cloak
OLcfgCt{Oc|At}:5 lastbind
......@@ -37,43 +37,39 @@
#include <ac/ctype.h>
#include "config.h"
// Per-instance configuration information
/* Per-instance configuration information */
typedef struct lastbind_info {
// precision to update timestamp in bindTimestamp attribute
/* precision to update timestamp in bindTimestamp attribute */
int timestamp_precision;
} lastbind_info;
// Operational attributes
static AttributeDescription *ad_bindTimestamp;
/* Operational attributes */
static AttributeDescription *ad_authTimestamp;
// TODO: use a real OID
#define BASE_OID_AT "OLcfgCtAt:99"
#define BASE_OID_OC "OLcfgCtOc:99"
/* This is the definition used by ISODE, as supplied to us in
* ITS#6238 Followup #9
*/
static struct schema_info {
char *def;
AttributeDescription **ad;
} lastBind_OpSchema[] = {
{ "( "
BASE_OID_AT
".1 "
"NAME ( 'bindTimestamp' ) "
"DESC 'The time the last successful bind occured' "
{ "( 1.3.6.1.4.1.453.16.2.188 "
"NAME 'authTimestamp' "
"DESC 'last successful authentication using any method/mech' "
"EQUALITY generalizedTimeMatch "
"ORDERING generalizedTimeOrderingMatch "
"SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 "
"SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )",
&ad_bindTimestamp},
"SINGLE-VALUE NO-USER-MODIFICATION USAGE dsaOperation )",
&ad_authTimestamp},
{ NULL, NULL }
};
// configuration attribute and objectclass
/* configuration attribute and objectclass */
static ConfigTable lastbindcfg[] = {
{ "lastbind-precision", "seconds", 2, 2, 0,
ARG_INT|ARG_OFFSET,
(void *)offsetof(lastbind_info, timestamp_precision),
"( "
BASE_OID_AT
".2 "
"( OLcfgAt:5.1 "
"NAME 'olcLastBindPrecision' "
"DESC 'Precision of bindTimestamp attribute' "
"SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
......@@ -81,9 +77,7 @@ static ConfigTable lastbindcfg[] = {
};
static ConfigOCs lastbindocs[] = {
{ "( "
BASE_OID_OC
".1 "
{ "( OLcfgOc:5.1 "
"NAME 'olcLastBindConfig' "
"DESC 'Last Bind configuration' "
"SUP olcOverlayConfig "
......@@ -121,7 +115,7 @@ lastbind_bind_response( Operation *op, SlapReply *rs )
return SLAP_CB_CONTINUE;
}
// we're only interested if the bind was successful
/* we're only interested if the bind was successful */
if ( rs->sr_err == LDAP_SUCCESS ) {
lastbind_info *lbi = (lastbind_info *) op->o_callback->sc_private;
......@@ -135,7 +129,7 @@ lastbind_bind_response( Operation *op, SlapReply *rs )
now = slap_get_time();
// get bindTimestamp attribute, if it exists
if ((a = attr_find( e->e_attrs, ad_bindTimestamp)) != NULL) {
if ((a = attr_find( e->e_attrs, ad_authTimestamp)) != NULL) {
bindtime = parse_time( a->a_nvals[0].bv_val );
if (bindtime != (time_t)-1) {
......@@ -155,8 +149,8 @@ lastbind_bind_response( Operation *op, SlapReply *rs )
m = ch_calloc( sizeof(Modifications), 1 );
m->sml_op = LDAP_MOD_REPLACE;
m->sml_flags = 0;
m->sml_type = ad_bindTimestamp->ad_cname;
m->sml_desc = ad_bindTimestamp;
m->sml_type = ad_authTimestamp->ad_cname;
m->sml_desc = ad_authTimestamp;
m->sml_numvals = 1;
m->sml_values = ch_calloc( sizeof(struct berval), 2 );
m->sml_nvalues = ch_calloc( sizeof(struct berval), 2 );
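Review bot: Two references to the old attribute name survive the rename in this file: the `olcLastBindPrecision` entry in `lastbindcfg[]` still carries `"DESC 'Precision of bindTimestamp attribute' "`, and the comment above the `attr_find()` call in `lastbind_bind_response` still reads `// get bindTimestamp attribute, if it exists`. The DESC string is part of the schema definition, so it would point an administrator at an attribute this overlay no longer defines; it should read `"DESC 'Precision of authTimestamp attribute' "`, and the comment should become `/* get authTimestamp attribute, if it exists */` to match the `/* */` conversion made elsewhere in the commit. Separately, the new definition changes `USAGE directoryOperation` to `USAGE dsaOperation`; if the timestamp is meant to feed unused-account detection across replicas, it is worth confirming and documenting whether a DSA-specific attribute is replicated in that deployment, since nothing visible here settles it. `lastbind_bind_response` starts and ends outside the visible hunks.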
......
......@@ -11,12 +11,12 @@ overlay to
.BR slapd (8)
allows recording the timestamp of the last successful bind to entries
in the directory, in the
.B bindTimestamp
.B authTimestamp
attribute.
The overlay can be configured to update this timestamp only if it is
older than a given value, thus avoiding large numbers of write
operations penalizing performance.
One sample use for this would be to detect unused accounts.
One sample use for this overlay would be to detect unused accounts.
.SH CONFIGURATION
The config directives that are specific to the
......@@ -46,21 +46,21 @@ directive:
The value
.B <seconds>
is the number of seconds after which to update the
.B bindTimestamp
.B authTimestamp
attribute in an entry. If the existing value of
.B bindTimestamp
.B authTimestamp
is less than
.B <seconds>
old, it will not be changed.
If this configuration option is omitted, the
.B bindTimestamp
.B authTimestamp
attribute is updated on each successful bind operation.
.SH EXAMPLE
This example configures the
.B lastbind
overlay to store
.B bindTimestamp
.B authTimestamp
in all entries in a database, with a 1 week precision.
Add the following to
.BR slapd.conf (5):
......