Hi! I've done little testing so far, but after having posted the message below, I realized that authTimestamp and 20250429131132Z may be different even. So I'm confused even more.
Example: My user had: pwdLastSuccess: 20250425054456Z authTimestamp: 20250425054456Z A manager user had: authTimestamp: 20250429130353Z pwdLastSuccess: 20250429131132Z So the manager user had a pwdLastSuccess, newer than authTimestamp. What could that mean? Or (asked differently): What is the exact definition of each of the attributes? Kind regards, Ulrich Windl From: Windl, Ulrich <u.wi...@ukr.de> Sent: Tuesday, April 29, 2025 1:52 PM To: openldap-technical@openldap.org Subject: [EXT] Q: lastbind, pwdLastSuccess, and authTimestamp Hi! Slapd-config states that pwdLastSuccess (provided by slapd) will be set if olcLastBind is set to true. However to do that the lastbind module/overlay is needed. But the latter sets authTimestamp. Slapo-policy documents that authTimestamp (provided by lastbind module) is set when lastbind is enabled. At it seems pwdLastSuccess and authTimestamp are set to the same value. Can someone explain the logic behind? I'm confused; do I really need the lastbind overlay? I'm using OpenLDAP 2.5.X Kind regards, Ulrich Windl
