[SAC] LDAP: time of last usage
Sandro Santilli
strk at kbt.io
Tue Sep 27 00:43:11 PDT 2016
On Sun, Sep 25, 2016 at 09:09:58PM +0000, Martin Spott wrote:
> Sandro Santilli wrote:
>
> > According to [this article](http://serverfault.com/questions/390747/how-can-i-determine-the-last-time-an-open-directory-network-account-was-used-on)
> > the LDAP server should store such info in a per-user file, can
> > anyone confirm?
>
> As far as I can tell, OpenLDAP only stores creation and modification
> timestamps, but no access timestamps. Aside from that, the latter are
> subject to being inaccurate because many clients are caching user
> objects.

Caching user objects would make password changes ineffective,
are you sure this is really happening on any OSGeo service?

> > Or, can you think of other ways to determine when an account was last
> > used? The aim is to drop/disable/ping-to-confirm accounts that
> > weren't used in a year.
>
> The only procedure I can imagine is to set up a dedicated, custom log
> just for this special purpose - maybe from monitoring the default log.

Please let's use the appropriate ticket [1] to keep track of progress
on this front, it also contains other references about "last bind"
info.

[1] https://trac.osgeo.org/osgeo/ticket/1675

--strk;
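
A sketch of the log-monitoring approach suggested in the quoted reply above, added here as an example and not part of the original message or of any OSGeo tooling. It assumes slapd logs at the `stats` level and that syslog writes RFC 3339 timestamps; the sample lines, DNs and function names are constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample lines (assumed format: slapd "stats" logging, RFC 3339 syslog timestamps).
SAMPLE_LOG = """\
2015-06-01T08:00:00+00:00 ldap slapd[812]: conn=1001 op=0 BIND dn="uid=alice,ou=People,dc=example,dc=org" method=128
2015-06-01T08:00:00+00:00 ldap slapd[812]: conn=1001 op=0 RESULT tag=97 err=0 text=
2016-09-20T10:15:01+00:00 ldap slapd[812]: conn=1002 op=0 BIND dn="uid=bob,ou=People,dc=example,dc=org" method=128
2016-09-20T10:15:01+00:00 ldap slapd[812]: conn=1002 op=0 RESULT tag=97 err=0 text=
2016-09-21T11:00:00+00:00 ldap slapd[812]: conn=1003 op=0 BIND dn="uid=alice,ou=People,dc=example,dc=org" method=128
2016-09-21T11:00:00+00:00 ldap slapd[812]: conn=1003 op=0 RESULT tag=97 err=49 text=
2016-09-22T09:30:00+00:00 ldap slapd[812]: conn=1004 op=0 BIND dn="" method=128
2016-09-22T09:30:00+00:00 ldap slapd[812]: conn=1004 op=0 RESULT tag=97 err=0 text=
"""

LINE = re.compile(r'^(\S+) \S+ slapd\[\d+\]: conn=(\d+) op=(\d+) (.*)$')
BIND = re.compile(r'^BIND dn="([^"]*)" method=\d+')
RESULT = re.compile(r'^RESULT tag=97 err=(\d+)')  # tag=97 is the bind response

def last_successful_binds(log_text):
    """Map each bind DN (lower-cased) to the time of its last successful bind."""
    pending, last_seen = {}, {}  # pending: (conn, op) -> DN awaiting its RESULT
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        stamp, conn, op, rest = m.groups()
        bind, result = BIND.match(rest), RESULT.match(rest)
        if bind:
            pending[(conn, op)] = bind.group(1).lower()
        elif result and (conn, op) in pending:
            dn = pending.pop((conn, op))
            # Only err=0 counts as usage: failed attempts (err=49) and anonymous binds do not.
            if result.group(1) == "0" and dn:
                when = datetime.fromisoformat(stamp)
                last_seen[dn] = max(when, last_seen.get(dn, when))
    return last_seen

def stale_accounts(last_seen, now, max_age=timedelta(days=365)):
    """Return the DNs whose last successful bind is older than max_age, sorted."""
    return sorted(dn for dn, when in last_seen.items() if now - when > max_age)

if __name__ == "__main__":
    now = datetime(2016, 9, 27, tzinfo=timezone.utc)
    for dn in stale_accounts(last_successful_binds(SAMPLE_LOG), now):
        print(dn)
```

Accounts that never appear in the retained logs are absent from the result, so the output has to be compared against the full list of directory entries before anything is disabled.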