https://bugs.openldap.org/show_bug.cgi?id=9881
--- Comment #1 from Ondřej Kuzník <on...@mistotebe.net> --- On Fri, Jul 08, 2022 at 06:53:01PM +0000, openldap-...@openldap.org wrote: > It would be useful to add similar functionality for SASL binds. > > This can be useful information that allows one to tell if an object is being > actively authenticated to (generally, users and system accounts, etc). > Obviously if something is directly mapped to an identity that doesn't exist in > the underlying DB, that cannot be tracked. Arguably, you might want to track the use of their identity via proxyauthz control in the same way. A proposal as to how this should be tracked (pwdLastSuccess or a separate attribute?) and whether this should interact with any policy since pwdLastSuccess is used in *password* idle checks and the password might not have been involved here. -- You are receiving this mail because: You are on the CC list for the issue.