Allocate ConfigOID, use ISODE authTimestamp schema
parent
34347c66a0
commit
0403ca4f56
3 changed files with 26 additions and 31 deletions
|
|
@ -4,3 +4,4 @@ OLcfgCt{Oc|At}:1 smbk5pwd
|
|||
OLcfgCt{Oc|At}:2 autogroup
|
||||
OLcfgCt{Oc|At}:3 nssov
|
||||
OLcfgCt{Oc|At}:4 cloak
|
||||
OLcfgCt{Oc|At}:5 lastbind
|
||||
|
|
|
|||
|
|
@ -37,43 +37,39 @@
|
|||
#include <ac/ctype.h>
|
||||
#include "config.h"
|
||||
|
||||
// Per-instance configuration information
|
||||
/* Per-instance configuration information */
|
||||
typedef struct lastbind_info {
|
||||
// precision to update timestamp in bindTimestamp attribute
|
||||
/* precision to update timestamp in bindTimestamp attribute */
|
||||
int timestamp_precision;
|
||||
} lastbind_info;
|
||||
|
||||
// Operational attributes
|
||||
static AttributeDescription *ad_bindTimestamp;
|
||||
/* Operational attributes */
|
||||
static AttributeDescription *ad_authTimestamp;
|
||||
|
||||
// TODO: use a real OID
|
||||
#define BASE_OID_AT "OLcfgCtAt:99"
|
||||
#define BASE_OID_OC "OLcfgCtOc:99"
|
||||
/* This is the definition used by ISODE, as supplied to us in
|
||||
* ITS#6238 Followup #9
|
||||
*/
|
||||
static struct schema_info {
|
||||
char *def;
|
||||
AttributeDescription **ad;
|
||||
} lastBind_OpSchema[] = {
|
||||
{ "( "
|
||||
BASE_OID_AT
|
||||
".1 "
|
||||
"NAME ( 'bindTimestamp' ) "
|
||||
"DESC 'The time the last successful bind occured' "
|
||||
{ "( 1.3.6.1.4.1.453.16.2.188 "
|
||||
"NAME 'authTimestamp' "
|
||||
"DESC 'last successful authentication using any method/mech' "
|
||||
"EQUALITY generalizedTimeMatch "
|
||||
"ORDERING generalizedTimeOrderingMatch "
|
||||
"SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 "
|
||||
"SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )",
|
||||
&ad_bindTimestamp},
|
||||
"SINGLE-VALUE NO-USER-MODIFICATION USAGE dsaOperation )",
|
||||
&ad_authTimestamp},
|
||||
{ NULL, NULL }
|
||||
};
|
||||
|
||||
// configuration attribute and objectclass
|
||||
/* configuration attribute and objectclass */
|
||||
static ConfigTable lastbindcfg[] = {
|
||||
{ "lastbind-precision", "seconds", 2, 2, 0,
|
||||
ARG_INT|ARG_OFFSET,
|
||||
(void *)offsetof(lastbind_info, timestamp_precision),
|
||||
"( "
|
||||
BASE_OID_AT
|
||||
".2 "
|
||||
"( OLcfgAt:5.1 "
|
||||
"NAME 'olcLastBindPrecision' "
|
||||
"DESC 'Precision of bindTimestamp attribute' "
|
||||
"SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
|
||||
|
|
@ -81,9 +77,7 @@ static ConfigTable lastbindcfg[] = {
|
|||
};
|
||||
|
||||
static ConfigOCs lastbindocs[] = {
|
||||
{ "( "
|
||||
BASE_OID_OC
|
||||
".1 "
|
||||
{ "( OLcfgOc:5.1 "
|
||||
"NAME 'olcLastBindConfig' "
|
||||
"DESC 'Last Bind configuration' "
|
||||
"SUP olcOverlayConfig "
|
||||
|
|
@ -121,7 +115,7 @@ lastbind_bind_response( Operation *op, SlapReply *rs )
|
|||
return SLAP_CB_CONTINUE;
|
||||
}
|
||||
|
||||
// we're only interested if the bind was successful
|
||||
/* we're only interested if the bind was successful */
|
||||
if ( rs->sr_err == LDAP_SUCCESS ) {
|
||||
lastbind_info *lbi = (lastbind_info *) op->o_callback->sc_private;
|
||||
|
||||
|
|
@ -135,7 +129,7 @@ lastbind_bind_response( Operation *op, SlapReply *rs )
|
|||
now = slap_get_time();
|
||||
|
||||
// get bindTimestamp attribute, if it exists
|
||||
if ((a = attr_find( e->e_attrs, ad_bindTimestamp)) != NULL) {
|
||||
if ((a = attr_find( e->e_attrs, ad_authTimestamp)) != NULL) {
|
||||
bindtime = parse_time( a->a_nvals[0].bv_val );
|
||||
|
||||
if (bindtime != (time_t)-1) {
|
||||
|
|
@ -155,8 +149,8 @@ lastbind_bind_response( Operation *op, SlapReply *rs )
|
|||
m = ch_calloc( sizeof(Modifications), 1 );
|
||||
m->sml_op = LDAP_MOD_REPLACE;
|
||||
m->sml_flags = 0;
|
||||
m->sml_type = ad_bindTimestamp->ad_cname;
|
||||
m->sml_desc = ad_bindTimestamp;
|
||||
m->sml_type = ad_authTimestamp->ad_cname;
|
||||
m->sml_desc = ad_authTimestamp;
|
||||
m->sml_numvals = 1;
|
||||
m->sml_values = ch_calloc( sizeof(struct berval), 2 );
|
||||
m->sml_nvalues = ch_calloc( sizeof(struct berval), 2 );
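Review bot: The `authTimestamp` entry in `lastBind_OpSchema[]` changes `USAGE directoryOperation` to `USAGE dsaOperation` with no comment on what that means for anyone reading the value. RFC 4512 describes dSAOperation attributes as DSA-specific, so each server may hold its own last-authentication time; whether slapd replicates it cannot be seen from this diff, but an audit for unused accounts should not assume that one replica has the newest value. I would extend the ISODE comment above the table with something like `/* USAGE dsaOperation: value is local to this DSA; check every server before treating an account as unused */`. The rename also looks incomplete: the struct comment and `DESC 'Precision of bindTimestamp attribute'` still say bindTimestamp, and the retained `// get bindTimestamp attribute, if it exists` line keeps both the old name and the `//` style this commit converts elsewhere. `lastbindcfg[]` and `lastbind_bind_response` both continue outside the lines shown.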
|
||||
|
|
|
|||
|
|
@ -11,12 +11,12 @@ overlay to
|
|||
.BR slapd (8)
|
||||
allows recording the timestamp of the last successful bind to entries
|
||||
in the directory, in the
|
||||
.B bindTimestamp
|
||||
.B authTimestamp
|
||||
attribute.
|
||||
The overlay can be configured to update this timestamp only if it is
|
||||
older than a given value, thus avoiding large numbers of write
|
||||
operations penalizing performance.
|
||||
One sample use for this would be to detect unused accounts.
|
||||
One sample use for this overlay would be to detect unused accounts.
|
||||
|
||||
.SH CONFIGURATION
|
||||
The config directives that are specific to the
|
||||
|
|
@ -46,21 +46,21 @@ directive:
|
|||
The value
|
||||
.B <seconds>
|
||||
is the number of seconds after which to update the
|
||||
.B bindTimestamp
|
||||
.B authTimestamp
|
||||
attribute in an entry. If the existing value of
|
||||
.B bindTimestamp
|
||||
.B authTimestamp
|
||||
is less than
|
||||
.B <seconds>
|
||||
old, it will not be changed.
|
||||
If this configuration option is omitted, the
|
||||
.B bindTimestamp
|
||||
.B authTimestamp
|
||||
attribute is updated on each successful bind operation.
|
||||
|
||||
.SH EXAMPLE
|
||||
This example configures the
|
||||
.B lastbind
|
||||
overlay to store
|
||||
.B bindTimestamp
|
||||
.B authTimestamp
|
||||
in all entries in a database, with a 1 week precision.
|
||||
Add the following to
|
||||
.BR slapd.conf (5):
|
||||
|
|
|
|||