The Last Access Time Plugin may be used to update the ds-last-access-time attribute in an entry whenever it is accessed by an add, bind, compare, modify, modify DN, and/or search operation.
The Last Access Time Plugin component inherits from the Plugin
The following components have a direct aggregation relation from Last Access Time Plugins:
The properties supported by this managed object are as follows:
| Basic Properties: | Advanced Properties: |
|---|---|
| description | invoke-for-internal-operations |
| enabled | |
| max-update-frequency | |
| operation-type | |
| invoke-for-failed-binds | |
| max-search-result-entries-to-update | |
| request-criteria |
| Description | A description for this Plugin |
| Default Value | None |
| Allowed Values | A string |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | Indicates whether the plug-in is enabled for use. |
| Default Value | None |
| Allowed Values | true false |
| Multi-Valued | No |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
| Description | Specifies the maximum frequency with which last access time values should be written for an entry. This may help limit the rate of internal write operations processed in the server. The last access time will always be updated for every add, modify, and modify DN operation, but updating the last access time for every read (e.g., for bind, search, and compare operations) may be prohibitively expensive. Specifying a nonzero update frequency makes it possible to limit the rate at which the last access time may be updated for read operations by only updating the access time for an entry if that entry did not already have a recent access time. Note that if a nonzero update frequency is specified, then the last access time value stored in a user's entry may not always be accurate, but instead may reflect the oldest time within a range of times during which the last access occurred. For example, if the max-update-frequency is set to 7 days, then a last access time value of 20130101000000.000Z may actually indicate that the last access to the entry may have been any time between that time and 20130108000000.000Z. |
| Default Value | 1d |
| Allowed Values | A duration. Lower limit is 0 milliseconds. |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | Specifies the types of operations that should result in access time updates. |
| Default Value | add bind compare modify modify-dn search |
| Allowed Values | add - Include the last access time in new entries added to the server. bind - Update the last access time for bind operations. The invoke-for-failed-binds property controls whether to update only for successful attempts or for all attempts in which the user can be identified. The access time will be updated before returning the response to the client, along with other password policy updates for the target entry. compare - Update the last access time for successful compare operations (i.e., those with either a COMPARE_TRUE or COMPARE_FALSE result). Note that the access time for the target entry will not be updated until after the compare response has been returned to the client. modify - Update the last access time for successful modify operations. The access time update will be included with the other changes for the modify operation. modify-dn - Update the last access time for successful modify DN operations. The access time update will be included with the other changes for the modify DN operation. search - Update the last access time for search result entries returned to the client. The maximum number of entries to update for any search operation is controlled by the max-search-entries-to-update property. Note that the access time for search result entries will not be updated until after the search result done response has been returned to the client. |
| Multi-Valued | Yes |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | Indicates whether to update the last access time for an entry targeted by a bind operation if the bind is unsuccessful. |
| Default Value | false |
| Allowed Values | true false |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
max-search-result-entries-to-update
| Description | Specifies the maximum number of entries that should be updated in a search operation. Only search result entries actually returned to the client may have their last access time updated, but because a single search operation may return a very large number of entries, the plugin will only update entries if no more than a specified number of entries are updated. Selecting a large value for this property may severely degrade server performance, and may cause worker threads to be tied up processing access time updates so that they will not be readily available for processing client requests. If you wish to increase the value for this property, then it is strongly recommended that you test the server with the desired setting in a non-production environment with the anticipated workload to understand the potential performance impact and to identify any other adjustments that may need to be made to the server configuration (e.g., to increase the number of worker threads to avoid starvation). |
| Default Value | 10 |
| Allowed Values | An integer value. Lower limit is 1. |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | Specifies a set of request criteria that may be used to indicate whether to apply access time updates for the associated operation. If a request-criteria value is specified, then access time updates will only be processed for operations matching that criteria. This can be useful if you wish to update the access time only for requests coming from specific clients or applications (or to prevent operations from certain clients or applications from triggering access time updates). |
| Default Value | None |
| Allowed Values | The DN of any Request Criteria. |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
invoke-for-internal-operations (Advanced Property)
| Description | Indicates whether the plug-in should be invoked for internal operations. Any plug-in that can be invoked for internal operations must ensure that it does not create any new internal operations that can cause the same plug-in to be re-invoked. |
| Default Value | false |
| Allowed Values | true false |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
To list the configured Plugins:
dsconfig list-plugins
[--property {propertyName}] ...
To view the configuration for an existing Plugin:
dsconfig get-plugin-prop
--plugin-name {name}
[--tab-delimited]
[--script-friendly]
[--property {propertyName}] ...
To update the configuration for an existing Plugin:
dsconfig set-plugin-prop
--plugin-name {name}
(--set|--add|--remove) {propertyName}:{propertyValue}
[(--set|--add|--remove) {propertyName}:{propertyValue}] ...