I hav some questions regarding how data is organized when using the
LDAP KDB plugin for a realm. I hope this is the right place to ask.

I have a Realm set-up using the LDAP backend. First thing is: when
querying a principal using kadmin, why attributes such as 'Last
[successful,failed] authentication' and 'Failed password attempts' are
never filled-up? After failing some authentication attempts I have the
Last modified: Fri Jun 06 16:24:09 BRT 2008 (klaus/admin@MYREALM)
Last successful authentication: [never]
Last failed authentication: [never]
Failed password attempts: 0

Also, where in the LDAP database is the 'last modified' attribute



Klaus Heinrich Kiwi
Linux Security Development, IBM Linux Technology Center