operations penalizing performance.
One sample use for this overlay would be to detect unused accounts.
-Now that OpenLDAP has native support for most of this functionality,
-storing the value in pwdLastSuccess to better interact with the Behera
-Password Policy draft 10. Unless you require lastbind_forward_updates,
-you should consider using that instead.
+Now that OpenLDAP has native support for most of this functionality, you
+should consider storing the value in pwdLastSuccess to better interact
+with the Behera Password Policy draft 10.
.SH CONFIGURATION
The config directives that are specific to the
Controls whether
.B slapd
will automatically maintain the pwdLastSuccess attribute for
-entries. By default, olcLastBind is FALSE.
+entries. By default, olcLastBind is FALSE. On a replication
+consumer the pwdLastSuccess attribute will be forwarded to
+the provider assuming updateref setting and chain overlay
+are appropriately configured.
.TP
.B olcLastBindPrecision: <integer>
If olcLastBind is enabled, specifies how frequently pwdLastSuccess
Controls whether
.B slapd
will automatically maintain the pwdLastSuccess attribute for
-entries. By default, lastbind is off.
+entries. By default, lastbind is off. On a replication
+consumer the pwdLastSuccess attribute will be forwarded
+to the provider assuming updateref setting and chain overlay
+are appropriately configured.
.TP
.B lastbind-precision <integer>
If lastbind is enabled, specifies how frequently pwdLastSuccess
projects / thirdparty / openldap.git / commitdiff
