LastBind and Lastbind Overlay
From slapd version 2.6, LastBind is no longer configured as an overlay; configuring it directly through the backend file is recommended instead.
LastBind can be used to detect unused accounts. It records the timestamp of the last successful BIND in the pwdLastSuccess attribute. To avoid large numbers of WRITE operations that would slow down performance, the smallest difference between timestamp updates can be configured as well.
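An added example (not from the original page or the OpenLDAP project) of the unused-account check described above: it reads pwdLastSuccess from search output and moves the cutoff back by the configured precision, since the stored value can lag the real last bind by up to that many seconds. The sample LDIF, function names and the 90-day threshold are constructed for illustration; the parser assumes unwrapped LDIF with plain (not base64) values.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample: LDIF from a search that requests pwdLastSuccess.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=com
pwdLastSuccess: 20240610081500Z

dn: uid=bob,ou=people,dc=example,dc=com
pwdLastSuccess: 20231101120000Z

dn: uid=carol,ou=people,dc=example,dc=com

dn: uid=dave,ou=people,dc=example,dc=com
pwdLastSuccess: 20240312093000.123456Z
"""

def parse_generalized_time(value):
    """Parse a UTC GeneralizedTime value, with or without a fraction."""
    value = value.strip()
    if not value.endswith("Z"):
        raise ValueError("expected UTC GeneralizedTime: %r" % value)
    base = value[:-1].split(".")[0]  # drop 'Z' and any fractional seconds
    return datetime.strptime(base, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)

def parse_entries(ldif):
    """Yield (dn, last_success or None) per blank-line separated entry."""
    for block in ldif.strip().split("\n\n"):
        dn, last = None, None
        for line in block.splitlines():
            attr, _, val = line.partition(": ")
            if attr.lower() == "dn":
                dn = val
            elif attr.lower() == "pwdlastsuccess":
                last = parse_generalized_time(val)
        if dn:
            yield dn, last

def stale_accounts(ldif, now, max_idle_days, precision_seconds):
    """Return {dn: reason} for accounts idle longer than max_idle_days."""
    # A bind inside the precision window is not written, so only flag
    # entries older than the idle limit plus the precision.
    cutoff = now - timedelta(days=max_idle_days, seconds=precision_seconds)
    report = {}
    for dn, last in parse_entries(ldif):
        if last is None:
            report[dn] = "never"  # attribute absent: no bind recorded
        elif last < cutoff:
            report[dn] = "stale"
    return report
```

Entries reported as "never" include accounts that have not bound since LastBind was enabled, so they need a separate review before being treated as unused.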
Configuration (cn=config)
LastBind is configured in the database section of the configuration file.
- olcLastBind: TRUE | FALSE
  Controls whether slapd will automatically maintain the pwdLastSuccess attribute for entries. By default, olcLastBind is FALSE.
- olcLastBindPrecision: <integer>
  Use this directive to specify how often the pwdLastSuccess attribute should be updated. The integer specifies the number of seconds between the operations.
Configuration (slapd.conf)
- lastbind on | off
- lastbind-precision <integer>
In case of replication, in order to forward updates from the consumer to the provider, overlay chain and updateref need to be configured on the consumer.
LastBind overlay configuration (not preferred from 2.6 onward)
- in the global section of the config load the module
moduleload lastbind.la
- in the database specific section add the directive:
overlay lastbind
- to configure the number of seconds after which the new update can be done:
lastbind-precision
Example where the authTimestamp will be updated after a week:
overlay lastbind
lastbind-precision 604800
Note that any configuration specifications have to be added AFTER the overlay directive is declared.
- setting for the replication consumer to forward the updates to the provider instead of writing them to the consumer's database
lastbind_forward_updates
Chaining and updateref need to be configured on the consumer.
For more information on LastBind overlay see Configure LastBind.