https://bugs.openldap.org/show_bug.cgi?id=10354
Issue ID: 10354
Summary: Enhancement: Allow tuning of pwdLastSuccess (like
authTimestamp)
Product: OpenLDAP
Version: 2.5.13
Hardware: All
OS: All
Status: UNCONFIRMED
Keywords: needs_review
Severity: normal
Priority: ---
Component: slapd
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: ---
As I understand it, the function of the lastbind overlay were integrated to
slapd core (under different names).
While the overly used attribute authTimestamp, slapd uses attribute
pwdLastSuccess to record the time of successful bind.
So in principle one could activate both at the same time, but the purpose is
unclear...
Anyway the lastbind overlay allows to configure (among others) the
"lastbind-precision", allowing to skip recording of too many successful binds
for a while.
Unfortunately the slapd core does not offer a comparable thing, so (for
example) automated periodic binds (e.g. used for monitoring) may fill a
changelog (delta-syncrepl) over time.
The proposal is to implement some mechanism of rate limiting for the updates of
pwdLastSuccess, or/and allow filtering of DNs that are included/excepted from
this mechanism (so automated periodic system accounts may be excepted).
--
You are receiving this mail because:
You are on the CC list for the issue.
