From: Howard Chu Date: Sat, 5 Feb 2011 00:13:56 +0000 (+0000) Subject: Allocate ConfigOID, use ISODE authTimestamp schema X-Git-Tag: MIGRATION_CVS2GIT~96 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=0403ca4f56633982be1b64178519fffff54819b3;p=openldap Allocate ConfigOID, use ISODE authTimestamp schema
---
diff --git a/contrib/ConfigOIDs b/contrib/ConfigOIDs
index ebc1825b6c..a04675a3d7 100644
--- a/contrib/ConfigOIDs
+++ b/contrib/ConfigOIDs
@@ -4,3 +4,4 @@ OLcfgCt{Oc|At}:1 smbk5pwd
 OLcfgCt{Oc|At}:2 autogroup
 OLcfgCt{Oc|At}:3 nssov
 OLcfgCt{Oc|At}:4 cloak
+OLcfgCt{Oc|At}:5 lastbind
diff --git a/contrib/slapd-modules/lastbind/lastbind.c b/contrib/slapd-modules/lastbind/lastbind.c
index 1f624d2d4c..66342d9d80 100644
--- a/contrib/slapd-modules/lastbind/lastbind.c
+++ b/contrib/slapd-modules/lastbind/lastbind.c
@@ -37,43 +37,39 @@ #include #include "config.h" -// Per-instance configuration information +/* Per-instance configuration information */ typedef struct lastbind_info { - // precision to update timestamp in bindTimestamp attribute + /* precision to update timestamp in bindTimestamp attribute */ int timestamp_precision; } lastbind_info; -// Operational attributes -static AttributeDescription *ad_bindTimestamp; +/* Operational attributes */ +static AttributeDescription *ad_authTimestamp; -// TODO: use a real OID -#define BASE_OID_AT "OLcfgCtAt:99" -#define BASE_OID_OC "OLcfgCtOc:99" +/* This is the definition used by ISODE, as supplied to us in + * ITS#6238 Followup #9 + */ static struct schema_info { char *def; AttributeDescription **ad; } lastBind_OpSchema[] = { - { "( " - BASE_OID_AT - ".1 " - "NAME ( 'bindTimestamp' ) " - "DESC 'The time the last successful bind occured' " + { "( 1.3.6.1.4.1.453.16.2.188 " + "NAME 'authTimestamp' " + "DESC 'last successful authentication using any method/mech' " "EQUALITY generalizedTimeMatch " "ORDERING generalizedTimeOrderingMatch " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 " - "SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )", - &ad_bindTimestamp}, + "SINGLE-VALUE NO-USER-MODIFICATION USAGE dsaOperation )", + &ad_authTimestamp}, { NULL, NULL } }; -// configuration attribute and objectclass +/* configuration attribute and objectclass */ static ConfigTable lastbindcfg[] = { { "lastbind-precision", "seconds", 2, 2, 0, ARG_INT|ARG_OFFSET, (void *)offsetof(lastbind_info, timestamp_precision), - "( " - BASE_OID_AT - ".2 " + "( OLcfgAt:5.1 " "NAME 'olcLastBindPrecision' " "DESC 'Precision of bindTimestamp attribute' " "SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL }, @@ -81,9 +77,7 @@ static ConfigTable lastbindcfg[] = { }; static ConfigOCs lastbindocs[] = { - { "( " - BASE_OID_OC - ".1 " + { "( OLcfgOc:5.1 " "NAME 'olcLastBindConfig' " "DESC 'Last Bind configuration' " "SUP olcOverlayConfig " 
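Review bot: The new config OIDs `OLcfgAt:5.1` in `lastbindcfg` and `OLcfgOc:5.1` in `lastbindocs` (the following hunk) drop the `Ct` used by the removed `OLcfgCtAt:99` / `OLcfgCtOc:99` macros and by the `OLcfgCt{Oc|At}:5` line this same commit adds to contrib/ConfigOIDs. The definitions therefore appear to resolve under a different arc from the one just allocated. If that is not intended, they should read `"( OLcfgCtAt:5.1 "` and `"( OLcfgCtOc:5.1 "`, since an OID outside the contrib arc may collide with one that slapd or another module registers. Separately, the unchanged `DESC 'Precision of bindTimestamp attribute'` on olcLastBindPrecision still names the old attribute and could become `DESC 'Precision of authTimestamp attribute'`. The `lastbindocs` initializer continues past the end of its hunk, so the rest of that definition is not visible here.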
@@ -121,7 +115,7 @@ lastbind_bind_response( Operation *op, SlapReply *rs ) return SLAP_CB_CONTINUE; } - // we're only interested if the bind was successful + /* we're only interested if the bind was successful */ if ( rs->sr_err == LDAP_SUCCESS ) { lastbind_info *lbi = (lastbind_info *) op->o_callback->sc_private; @@ -135,7 +129,7 @@ lastbind_bind_response( Operation *op, SlapReply *rs ) now = slap_get_time(); // get bindTimestamp attribute, if it exists - if ((a = attr_find( e->e_attrs, ad_bindTimestamp)) != NULL) { + if ((a = attr_find( e->e_attrs, ad_authTimestamp)) != NULL) { bindtime = parse_time( a->a_nvals[0].bv_val ); if (bindtime != (time_t)-1) { @@ -155,8 +149,8 @@ lastbind_bind_response( Operation *op, SlapReply *rs ) m = ch_calloc( sizeof(Modifications), 1 ); m->sml_op = LDAP_MOD_REPLACE; m->sml_flags = 0; - m->sml_type = ad_bindTimestamp->ad_cname; - m->sml_desc = ad_bindTimestamp; + m->sml_type = ad_authTimestamp->ad_cname; + m->sml_desc = ad_authTimestamp; m->sml_numvals = 1; m->sml_values = ch_calloc( sizeof(struct berval), 2 ); m->sml_nvalues = ch_calloc( sizeof(struct berval), 2 ); diff --git a/contrib/slapd-modules/lastbind/slapo-lastbind.5 b/contrib/slapd-modules/lastbind/slapo-lastbind.5 index e8a06ee9cd..81569b33b3 100644 --- a/contrib/slapd-modules/lastbind/slapo-lastbind.5 +++ b/contrib/slapd-modules/lastbind/slapo-lastbind.5 @@ -11,12 +11,12 @@ overlay to .BR slapd (8) allows recording the timestamp of the last successful bind to entries in the directory, in the -.B bindTimestamp +.B authTimestamp attribute. The overlay can be configured to update this timestamp only if it is older than a given value, thus avoiding large numbers of write operations penalizing performance. -One sample use for this would be to detect unused accounts. +One sample use for this overlay would be to detect unused accounts. .SH CONFIGURATION The config directives that are specific to the 
@@ -46,21 +46,21 @@ directive: The value .B is the number of seconds after which to update the -.B bindTimestamp +.B authTimestamp attribute in an entry. If the existing value of -.B bindTimestamp +.B authTimestamp is less than .B old, it will not be changed. If this configuration option is omitted, the -.B bindTimestamp +.B authTimestamp attribute is updated on each successful bind operation. .SH EXAMPLE This example configures the .B lastbind overlay to store -.B bindTimestamp +.B authTimestamp in all entries in a database, with a 1 week precision. Add the following to .BR slapd.conf (5):