From: Lenka Klement Date: Wed, 3 Sep 2025 13:14:44 +0000 (+0200) Subject: ITS#10372 last-bind configuration manual updates X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=442b2c84f856ca735d0b3207ab32a772d896a323;p=thirdparty%2Fopenldap.git ITS#10372 last-bind configuration manual updates --- diff --git a/contrib/slapd-modules/lastbind/slapo-lastbind.5 b/contrib/slapd-modules/lastbind/slapo-lastbind.5 index 82d666d5d1..f90215bcf0 100644 --- a/contrib/slapd-modules/lastbind/slapo-lastbind.5 +++ b/contrib/slapd-modules/lastbind/slapo-lastbind.5 @@ -19,10 +19,9 @@ older than a given value, thus avoiding large numbers of write operations penalizing performance. One sample use for this overlay would be to detect unused accounts. -Now that OpenLDAP has native support for most of this functionality, -storing the value in pwdLastSuccess to better interact with the Behera -Password Policy draft 10. Unless you require lastbind_forward_updates, -you should consider using that instead. +Now that OpenLDAP has native support for most of this functionality, you +should consider storing the value in pwdLastSuccess to better interact +with the Behera Password Policy draft 10. .SH CONFIGURATION The config directives that are specific to the diff --git a/doc/man/man5/slapd-config.5 b/doc/man/man5/slapd-config.5 index 9cb364608c..e2ccd68bbd 100644 --- a/doc/man/man5/slapd-config.5 +++ b/doc/man/man5/slapd-config.5 @@ -1517,7 +1517,10 @@ by the syncrepl provider. By default, olcLastMod is TRUE. Controls whether .B slapd will automatically maintain the pwdLastSuccess attribute for -entries. By default, olcLastBind is FALSE. +entries. By default, olcLastBind is FALSE. On a replication +consumer the pwdLastSuccess attribute will be forwarded to +the provider assuming updateref setting and chain overlay +are appropriately configured. .TP .B olcLastBindPrecision: If olcLastBind is enabled, specifies how frequently pwdLastSuccess diff --git a/doc/man/man5/slapd.conf.5 b/doc/man/man5/slapd.conf.5 index 44fbbc2c30..0e5033d272 100644 --- a/doc/man/man5/slapd.conf.5 +++ b/doc/man/man5/slapd.conf.5 @@ -1406,7 +1406,10 @@ by the syncrepl provider. By default, lastmod is on. Controls whether .B slapd will automatically maintain the pwdLastSuccess attribute for -entries. By default, lastbind is off. +entries. By default, lastbind is off. On a replication +consumer the pwdLastSuccess attribute will be forwarded +to the provider assuming updateref setting and chain overlay +are appropriately configured. .TP .B lastbind-precision If lastbind is enabled, specifies how frequently pwdLastSuccess