...@@ -23,8 +23,9 @@ ...@@ -23,8 +23,9 @@
* last successful bind operation in a directory entry. * last successful bind operation in a directory entry.
* *
* Optimization: to avoid performing a write on each bind, * Optimization: to avoid performing a write on each bind,
* a precision for this timestamp may be configured, causing it to * a precision for this timestamp may be configured on the database,
* only be updated if it is older than a given number of seconds. * causing it to only be updated if it is older than a given number
* of seconds.
*/ */
#ifdef SLAPD_OVER_LASTBIND #ifdef SLAPD_OVER_LASTBIND
...@@ -40,8 +41,6 @@ ...@@ -40,8 +41,6 @@
/* Per-instance configuration information */ /* Per-instance configuration information */
typedef struct lastbind_info { typedef struct lastbind_info {
/* precision to update timestamp in authTimestamp attribute */
int timestamp_precision;
int forward_updates; /* use frontend for authTimestamp updates */ int forward_updates; /* use frontend for authTimestamp updates */
} lastbind_info; } lastbind_info;
...@@ -68,14 +67,6 @@ static struct schema_info { ...@@ -68,14 +67,6 @@ static struct schema_info {
/* configuration attribute and objectclass */ /* configuration attribute and objectclass */
static ConfigTable lastbindcfg[] = { static ConfigTable lastbindcfg[] = {
{ "lastbind-precision", "seconds", 2, 2, 0,
ARG_INT|ARG_OFFSET,
(void *)offsetof(lastbind_info, timestamp_precision),
"( OLcfgCtAt:5.1 "
"NAME 'olcLastBindPrecision' "
"DESC 'Precision of authTimestamp attribute' "
"EQUALITY integerMatch "
"SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
{ "lastbind_forward_updates", "on|off", 1, 2, 0, { "lastbind_forward_updates", "on|off", 1, 2, 0,
ARG_ON_OFF|ARG_OFFSET, ARG_ON_OFF|ARG_OFFSET,
(void *)offsetof(lastbind_info,forward_updates), (void *)offsetof(lastbind_info,forward_updates),
...@@ -91,7 +82,7 @@ static ConfigOCs lastbindocs[] = { ...@@ -91,7 +82,7 @@ static ConfigOCs lastbindocs[] = {
"NAME 'olcLastBindConfig' " "NAME 'olcLastBindConfig' "
"DESC 'Last Bind configuration' " "DESC 'Last Bind configuration' "
"SUP olcOverlayConfig " "SUP olcOverlayConfig "
"MAY ( olcLastBindPrecision $ olcLastBindForwardUpdates) )", "MAY ( olcLastBindForwardUpdates) )",
Cft_Overlay, lastbindcfg, NULL, NULL }, Cft_Overlay, lastbindcfg, NULL, NULL },
{ NULL, 0, NULL } { NULL, 0, NULL }
}; };
...@@ -148,7 +139,7 @@ lastbind_bind_response( Operation *op, SlapReply *rs ) ...@@ -148,7 +139,7 @@ lastbind_bind_response( Operation *op, SlapReply *rs )
if (bindtime != (time_t)-1) { if (bindtime != (time_t)-1) {
/* if the recorded bind time is within our precision, we're done /* if the recorded bind time is within our precision, we're done
* it doesn't need to be updated (save a write for nothing) */ * it doesn't need to be updated (save a write for nothing) */
if ((now - bindtime) < lbi->timestamp_precision) { if ((now - bindtime) < op->o_bd->be_lastbind_precision) {
goto done; goto done;
} }
} }
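Review bot: Dropping the `lastbind-precision` row from `lastbindcfg[]` and `olcLastBindPrecision` from the `olcLastBindConfig` MAY list leaves no upgrade path: a deployment whose overlay configuration still carries that keyword or attribute will presumably be rejected when the configuration is read, and nothing in the visible hunks accepts the old setting or maps it to `be_lastbind_precision`. Consider keeping the keyword as a deprecated entry that forwards its value to the database setting, or at least stating the migration step in the man page. Separately, in `lastbind_bind_response` the test `(now - bindtime) < op->o_bd->be_lastbind_precision` never short-circuits if the database value is unset and defaults to 0 (the default is not visible here), so every successful bind would then write authTimestamp; a comment such as `/* be_lastbind_precision == 0 means update on every bind */` above the test would make that explicit. The function's body starts and ends outside the hunk.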
......
...@@ -19,6 +19,11 @@ older than a given value, thus avoiding large numbers of write ...@@ -19,6 +19,11 @@ older than a given value, thus avoiding large numbers of write
operations penalizing performance. operations penalizing performance.
One sample use for this overlay would be to detect unused accounts. One sample use for this overlay would be to detect unused accounts.
Now that OpenLDAP has native support for most of this functionality,
storing the value in pwdLastSuccess to better interact with the Behera
Password Policy draft 10. Unless you require lastbind_forward_updates,
you should consider using that instead.
.SH CONFIGURATION .SH CONFIGURATION
The config directives that are specific to the The config directives that are specific to the
.B lastbind .B lastbind
...@@ -98,6 +103,11 @@ default slapd configuration file ...@@ -98,6 +103,11 @@ default slapd configuration file
.SH SEE ALSO .SH SEE ALSO
.BR slapd.conf (5), .BR slapd.conf (5),
.BR slapd (8). .BR slapd (8).
.LP
IETF LDAP password policy proposal by P. Behera, L. Poitou and J.
Sermersheim: documented in IETF document
"draft-behera-ldap-password-policy-10.txt".
The The
.BR slapo-lastbind (5) .BR slapo-lastbind (5)
overlay supports dynamic configuration via overlay supports dynamic configuration via
......