Girish,
What you are seeing is normal. Directory stores time in Zulu (aka GMT) format. Depending on what your application supports, that is what you see as an end user compare to what Directory is storing.
e.g. considering any thing that connects to Directory DSA is application, see following examples from LDAP browser where JXplorer doesn't convert the time value in normal (local time format.. and simply shows what is stored in DSA) while Apache Studio LDAP browser has a built-in function to covert and does so.
Same entry from two different browsers:
JXplorer:Apache Studio:
In short, this is dependent on app in use. As Rinat pointed out, if you application doesn't convert from GMT to local time, you may want to use alternatives (e.g. scripting) to achieve your end goal.
Hope this helps.
~Hitesh
Original Message:
Sent: 06-17-2021 08:13 AM
From: Girish Chandra
Subject: Wrong Time attribute saving in User Directory
Hello Rinat,
Thanks for your reply. We are displaying user last login time in application, now customer wants to change time zone means IST.
User last login time saving in User Directory as 20210617114830Z<IP>, in application time displaying Last Login: Thu Jun 17 11:48:30 IST 2021.
But actually user last login is 05:18PM. This is our requirement, is this possible to achieve..?
Regards,
Girish Chandra
Original Message:
Sent: 06-17-2021 07:20 AM
From: Rinat Matityahu
Subject: Wrong Time attribute saving in User Directory
Hi Girish
As per https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/configuring/advanced-password-services-configuration/user-directories-schema-storage-and-capabilities/schema-amp-storage.html
All dates and times are in Greenwich (ZULU) time zone. This eliminates all complications of multiple policy/web servers in different time zones and daylight savings time. These values are stored in the format:
LDAP Type: cis/Single Valued
LDAP OID: 1.3.6.1.4.1.2552.1.1.9.15
Format:
<date/time> <IP address>
Examples: 20010307175245Z 192.168.42.10
This attribute holds the most recent login date and time (and IP address, if available, though it is not reliable).
Sites should not modify this value. It is used for inactivity calculations.
This field is required for proper APS operation.
We would therefore advice against any changes. This attribute is being generated by SSO so you might want to try the relevant community for further information, however as per the documentation, this is unlikely to be possible
Regards
Rinat
Original Message:
Sent: 06-16-2021 04:44 AM
From: Girish Chandra
Subject: Wrong Time attribute saving in User Directory
Hello Team,
We are using CA directory as user store. Wrong time saving in smapsLastLogin attribute in User Directory.
We need to change that time zone against smapsLastLogin attribute in UD.
Please need help on this.
Regards,
Girish Chandra