Hi All,
My task at hand is to somehow record when a user last logged on to any
of our systems, which all authenticate against OpenLDAP.
Now, I've browsed the mailing lists and some folks have suggested using
the accesslog backend and having it log only 'binds', so that I can
later look back at the log DB and see when folks logged in last.
While this seems to work, what concerns me is that it makes a log entry
every time someone binds, so the log gets large fairly quickly, and it
also loads the server a bit because of all the write activity to the log DB
(we have a large network with lots and lots of binds all the time). I
saw that the accesslog backend has a 'logpurge' directive, but indeed I
would like to only purge log entries older than a year, so the log DB
will still get quite large.
I was wondering if anyone knew a way to perhaps have it "log an entry,
but only log it if there is not already a pre-existing entry that is not more
than X days old" or something like that for the uid in question...? Or
maybe even something such that it logs a new entry and automatically
purges all other older entries that match the same uid?
Or even a better way?
Thanks for any thoughts/insight!
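
An added example, not part of the original post: one way to "look back at the log DB" is to reduce the logged bind records to the newest successful bind per DN. It assumes LDIF exported from the accesslog database using the overlay's `auditBind`, `reqStart`, `reqDN` and `reqResult` attributes, with no folded or base64-encoded lines; the sample entries and the function names are constructed for illustration.

```python
from datetime import datetime, timezone

# Constructed sample: bind records as LDIF from an accesslog database
# (made-up DNs and timestamps; "dn:" lines dropped to keep it short).
SAMPLE_LDIF = """\
objectClass: auditBind
reqStart: 20240105081500.000001Z
reqDN: uid=alice,ou=people,dc=example,dc=com
reqResult: 0

objectClass: auditBind
reqStart: 20240310173000.000002Z
reqDN: uid=alice,ou=people,dc=example,dc=com
reqResult: 0

objectClass: auditBind
reqStart: 20240401090000.000000Z
reqDN: uid=alice,ou=people,dc=example,dc=com
reqResult: 49

objectClass: auditBind
reqStart: 20240211120000.000003Z
reqDN: uid=bob,ou=people,dc=example,dc=com
reqResult: 0
"""

def parse_entries(ldif):
    """Yield one {attribute: value} dict per blank-line-separated entry."""
    for block in ldif.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            key, sep, value = line.partition(": ")
            if sep:
                entry[key] = value
        yield entry

def last_successful_bind(ldif):
    """Map each bind DN to the UTC datetime of its newest successful bind."""
    latest = {}
    for e in parse_entries(ldif):
        if e.get("objectClass") != "auditBind" or e.get("reqResult") != "0":
            continue  # skip non-bind records and failures (49 = invalidCredentials)
        when = datetime.strptime(e["reqStart"], "%Y%m%d%H%M%S.%fZ")
        when = when.replace(tzinfo=timezone.utc)
        dn = e["reqDN"].lower()  # DNs compare case-insensitively here
        latest[dn] = max(when, latest.get(dn, when))
    return latest
```

The failed bind with result code 49 is ignored, so a later bad password attempt does not count as a login.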