From 572bb0718f6dbc2d5ae3451cb3c1580af4fe45d2 Mon Sep 17 00:00:00 2001 From: Lenka Klement Date: Wed, 3 Sep 2025 15:14:44 +0200 Subject: [PATCH] ITS#10372 last-bind configuration manual updates --- contrib/slapd-modules/lastbind/slapo-lastbind.5 | 7 +++---- doc/man/man5/slapd-config.5 | 5 ++++- doc/man/man5/slapd.conf.5 | 5 ++++- 3 files changed, 11 insertions(+), 6 deletions(-) diff --git a/contrib/slapd-modules/lastbind/slapo-lastbind.5 b/contrib/slapd-modules/lastbind/slapo-lastbind.5 index 82d666d5d1..f90215bcf0 100644 --- a/contrib/slapd-modules/lastbind/slapo-lastbind.5 +++ b/contrib/slapd-modules/lastbind/slapo-lastbind.5 @@ -19,10 +19,9 @@ older than a given value, thus avoiding large numbers of write operations penalizing performance. One sample use for this overlay would be to detect unused accounts. -Now that OpenLDAP has native support for most of this functionality, -storing the value in pwdLastSuccess to better interact with the Behera -Password Policy draft 10. Unless you require lastbind_forward_updates, -you should consider using that instead. +Now that OpenLDAP has native support for most of this functionality, you +should consider storing the value in pwdLastSuccess to better interact +with the Behera Password Policy draft 10. .SH CONFIGURATION The config directives that are specific to the diff --git a/doc/man/man5/slapd-config.5 b/doc/man/man5/slapd-config.5 index da60a9693c..270550f4bc 100644 --- a/doc/man/man5/slapd-config.5 +++ b/doc/man/man5/slapd-config.5 @@ -1515,7 +1515,10 @@ by the syncrepl provider. By default, olcLastMod is TRUE. Controls whether .B slapd will automatically maintain the pwdLastSuccess attribute for -entries. By default, olcLastBind is FALSE. +entries. By default, olcLastBind is FALSE. On a replication +consumer the pwdLastSuccess attribute will be forwarded to +the provider assuming updateref setting and chain overlay +are appropriately configured. .TP .B olcLastBindPrecision: If olcLastBind is enabled, specifies how frequently pwdLastSuccess diff --git a/doc/man/man5/slapd.conf.5 b/doc/man/man5/slapd.conf.5 index a85832b075..6382d40a75 100644 --- a/doc/man/man5/slapd.conf.5 +++ b/doc/man/man5/slapd.conf.5 @@ -1404,7 +1404,10 @@ by the syncrepl provider. By default, lastmod is on. Controls whether .B slapd will automatically maintain the pwdLastSuccess attribute for -entries. By default, lastbind is off. +entries. By default, lastbind is off. On a replication +consumer the pwdLastSuccess attribute will be forwarded +to the provider assuming updateref setting and chain overlay +are appropriately configured. .TP .B lastbind-precision If lastbind is enabled, specifies how frequently pwdLastSuccess