Symantec IGA

Hello Team,

We are using CA directory as user store. Wrong time saving in smapsLastLogin attribute in User Directory.

We need to change that time zone against smapsLastLogin attribute in UD.

Please need help on this.

Regards,
Girish Chandra

Hi Girish

As per https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/configuring/advanced-password-services-configuration/user-directories-schema-storage-and-capabilities/schema-amp-storage.html


We would therefore advice against any changes. This attribute is being generated by SSO so you might want to try the relevant community for further information, however as per the documentation, this is unlikely to be possible
Regards
Rinat
Original Message:
Sent: 06-16-2021 04:44 AM
From: Girish Chandra
Subject: Wrong Time attribute saving in User Directory

Hello Team,

We are using CA directory as user store. Wrong time saving in smapsLastLogin attribute in User Directory.

We need to change that time zone against smapsLastLogin attribute in UD.

Please need help on this.

Regards,
Girish Chandra

Hello Rinat,

Thanks for your reply. We are displaying user last login time in application, now customer wants to change time zone means IST.
User last login time saving in User Directory as 20210617114830Z<IP>, in application time displaying Last Login: Thu Jun 17 11:48:30 IST 2021.
But actually user last login is 05:18PM. This is our requirement, is this possible to achieve..?

Regards,
Girish Chandra
Original Message:
Sent: 06-17-2021 07:20 AM
From: Rinat Matityahu
Subject: Wrong Time attribute saving in User Directory

Hi Girish

As per https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/configuring/advanced-password-services-configuration/user-directories-schema-storage-and-capabilities/schema-amp-storage.html

Date Format

All dates and times are in Greenwich (ZULU) time zone. This eliminates all complications of multiple policy/web servers in different time zones and daylight savings time. These values are stored in the format:

smapsLastLogin

LDAP Type: cis/Single Valued

LDAP OID: 1.3.6.1.4.1.2552.1.1.9.15

RDBMS Type: character

Max Length: 32

suppressible: No

Format:

<date/time> <IP address>

Examples: 20010307175245Z 192.168.42.10

This attribute holds the most recent login date and time (and IP address, if available, though it is not reliable).

Sites should not modify this value. It is used for inactivity calculations.

This field is required for proper APS operation.

We would therefore advice against any changes. This attribute is being generated by SSO so you might want to try the relevant community for further information, however as per the documentation, this is unlikely to be possible
Regards
Rinat
Original Message:
Sent: 06-16-2021 04:44 AM
From: Girish Chandra
Subject: Wrong Time attribute saving in User Directory

Hello Team,

We are using CA directory as user store. Wrong time saving in smapsLastLogin attribute in User Directory.

We need to change that time zone against smapsLastLogin attribute in UD.

Please need help on this.

Regards,
Girish Chandra

While I am not certain re the specific application used for the display of this value, you might choose to convert the stored date / time using javascript logic or similar, to display it according to the specific time zone.
Some examples
https://stackoverflow.com/questions/6525538/convert-utc-date-time-to-local-date-time

Original Message:
Sent: 06-17-2021 08:13 AM
From: Girish Chandra
Subject: Wrong Time attribute saving in User Directory

Hello Rinat,

Thanks for your reply. We are displaying user last login time in application, now customer wants to change time zone means IST.
User last login time saving in User Directory as 20210617114830Z<IP>, in application time displaying Last Login: Thu Jun 17 11:48:30 IST 2021.
But actually user last login is 05:18PM. This is our requirement, is this possible to achieve..?

Regards,
Girish Chandra
Original Message:
Sent: 06-17-2021 07:20 AM
From: Rinat Matityahu
Subject: Wrong Time attribute saving in User Directory

Hi Girish

As per https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/configuring/advanced-password-services-configuration/user-directories-schema-storage-and-capabilities/schema-amp-storage.html

Date Format

All dates and times are in Greenwich (ZULU) time zone. This eliminates all complications of multiple policy/web servers in different time zones and daylight savings time. These values are stored in the format:

smapsLastLogin

LDAP Type: cis/Single Valued

LDAP OID: 1.3.6.1.4.1.2552.1.1.9.15

RDBMS Type: character

Max Length: 32

suppressible: No

Format:

<date/time> <IP address>

Examples: 20010307175245Z 192.168.42.10

This attribute holds the most recent login date and time (and IP address, if available, though it is not reliable).

Sites should not modify this value. It is used for inactivity calculations.

This field is required for proper APS operation.

We would therefore advice against any changes. This attribute is being generated by SSO so you might want to try the relevant community for further information, however as per the documentation, this is unlikely to be possible
Regards
Rinat
Original Message:
Sent: 06-16-2021 04:44 AM
From: Girish Chandra
Subject: Wrong Time attribute saving in User Directory

Hello Team,

We are using CA directory as user store. Wrong time saving in smapsLastLogin attribute in User Directory.

We need to change that time zone against smapsLastLogin attribute in UD.

Please need help on this.

Regards,
Girish Chandra

Girish,
What you are seeing is normal. Directory stores time in Zulu (aka GMT) format. Depending on what your application supports, that is what you see as an end user compare to what Directory is storing.

e.g. considering any thing that connects to Directory DSA is application, see following examples from LDAP browser where JXplorer doesn't convert the time value in normal (local time format.. and simply shows what is stored in DSA) while Apache Studio LDAP browser has a built-in function to covert and does so.

Same entry from two different browsers:

JXplorer:



Apache Studio:


In short, this is dependent on app in use. As Rinat pointed out, if you application doesn't convert from GMT to local time, you may want to use alternatives (e.g. scripting) to achieve your end goal.

Hope this helps.

~Hitesh
Original Message:
Sent: 06-17-2021 08:13 AM
From: Girish Chandra
Subject: Wrong Time attribute saving in User Directory

Hello Rinat,

Thanks for your reply. We are displaying user last login time in application, now customer wants to change time zone means IST.
User last login time saving in User Directory as 20210617114830Z<IP>, in application time displaying Last Login: Thu Jun 17 11:48:30 IST 2021.
But actually user last login is 05:18PM. This is our requirement, is this possible to achieve..?

Regards,
Girish Chandra
Original Message:
Sent: 06-17-2021 07:20 AM
From: Rinat Matityahu
Subject: Wrong Time attribute saving in User Directory

Hi Girish

As per https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/configuring/advanced-password-services-configuration/user-directories-schema-storage-and-capabilities/schema-amp-storage.html

Date Format

All dates and times are in Greenwich (ZULU) time zone. This eliminates all complications of multiple policy/web servers in different time zones and daylight savings time. These values are stored in the format:

smapsLastLogin

LDAP Type: cis/Single Valued

LDAP OID: 1.3.6.1.4.1.2552.1.1.9.15

RDBMS Type: character

Max Length: 32

suppressible: No

Format:

<date/time> <IP address>

Examples: 20010307175245Z 192.168.42.10

This attribute holds the most recent login date and time (and IP address, if available, though it is not reliable).

Sites should not modify this value. It is used for inactivity calculations.

This field is required for proper APS operation.

We would therefore advice against any changes. This attribute is being generated by SSO so you might want to try the relevant community for further information, however as per the documentation, this is unlikely to be possible
Regards
Rinat
Original Message:
Sent: 06-16-2021 04:44 AM
From: Girish Chandra
Subject: Wrong Time attribute saving in User Directory

Hello Team,

We are using CA directory as user store. Wrong time saving in smapsLastLogin attribute in User Directory.

We need to change that time zone against smapsLastLogin attribute in UD.

Please need help on this.

Regards,
Girish Chandra

And if you use GMT to IST time conversion tool (using example time you provided), you can see/confirm nothing is wrong:

i.e.
https://savvytime.com/converter/gmt-to-ist


Original Message:
Sent: 06-18-2021 10:26 AM
From: HITESH PATEL
Subject: Wrong Time attribute saving in User Directory

Girish,
What you are seeing is normal. Directory stores time in Zulu (aka GMT) format. Depending on what your application supports, that is what you see as an end user compare to what Directory is storing.

e.g. considering any thing that connects to Directory DSA is application, see following examples from LDAP browser where JXplorer doesn't convert the time value in normal (local time format.. and simply shows what is stored in DSA) while Apache Studio LDAP browser has a built-in function to covert and does so.

Same entry from two different browsers:

JXplorer:



Apache Studio:


In short, this is dependent on app in use. As Rinat pointed out, if you application doesn't convert from GMT to local time, you may want to use alternatives (e.g. scripting) to achieve your end goal.

Hope this helps.

~Hitesh
Original Message:
Sent: 06-17-2021 08:13 AM
From: Girish Chandra
Subject: Wrong Time attribute saving in User Directory

Hello Rinat,

Thanks for your reply. We are displaying user last login time in application, now customer wants to change time zone means IST.
User last login time saving in User Directory as 20210617114830Z<IP>, in application time displaying Last Login: Thu Jun 17 11:48:30 IST 2021.
But actually user last login is 05:18PM. This is our requirement, is this possible to achieve..?

Regards,
Girish Chandra
Original Message:
Sent: 06-17-2021 07:20 AM
From: Rinat Matityahu
Subject: Wrong Time attribute saving in User Directory

Hi Girish

As per https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/configuring/advanced-password-services-configuration/user-directories-schema-storage-and-capabilities/schema-amp-storage.html

Date Format

All dates and times are in Greenwich (ZULU) time zone. This eliminates all complications of multiple policy/web servers in different time zones and daylight savings time. These values are stored in the format:

smapsLastLogin

LDAP Type: cis/Single Valued

LDAP OID: 1.3.6.1.4.1.2552.1.1.9.15

RDBMS Type: character

Max Length: 32

suppressible: No

Format:

<date/time> <IP address>

Examples: 20010307175245Z 192.168.42.10

This attribute holds the most recent login date and time (and IP address, if available, though it is not reliable).

Sites should not modify this value. It is used for inactivity calculations.

This field is required for proper APS operation.

We would therefore advice against any changes. This attribute is being generated by SSO so you might want to try the relevant community for further information, however as per the documentation, this is unlikely to be possible
Regards
Rinat
Original Message:
Sent: 06-16-2021 04:44 AM
From: Girish Chandra
Subject: Wrong Time attribute saving in User Directory

Hello Team,

We are using CA directory as user store. Wrong time saving in smapsLastLogin attribute in User Directory.

We need to change that time zone against smapsLastLogin attribute in UD.

Please need help on this.

Regards,
Girish Chandra