Fórum

  1. Início
  2. Development
  3. LR7: Last logon date not updated in LDAP (MS AD) after login in Liferay

LR7: Last logon date not updated in LDAP (MS AD) after login in Liferay

Kim Zeevaarders, modificado 7 Anos atrás.

LR7: Last logon date not updated in LDAP (MS AD) after login in Liferay

Junior Member Postagens: 82 Data de Entrada: 07/09/12 Postagens Recentes
Hello,

I configured Liferay to use the LDAP for authentiction.This all works fine with one exception that is giving me trouble the last days:

After the user logs in to Liferay the last logon date in the AD is not updated. As a consequence my company recently deleted a lot of "inactive" users from the AD that actually worked with Liferay on a regular basis.

I looked through the documentation and learned that although the credentials are imported in the liferay db during the LDAP import, they are only used when the AD is down. So in a normal scenario authentication is really done against the LDAP. So, in this case, I would expect the last login date to be updated in the AD. Hoewever, it's not...

Am I right about this? Can I fix this on either the AD or the Liferay side?

Hope to hear from you!

Regards,

Kim
thumbnail
Samuel Kong, modificado 7 Anos atrás.

RE: LR7: Last logon date not updated in LDAP (MS AD) after login in Liferay

Liferay Legend Postagens: 1902 Data de Entrada: 10/03/08 Postagens Recentes
You'll probably need to do some customization on the the portal side. The portal will not update AD's last logon date OOTB.
Kim Zeevaarders, modificado 7 Anos atrás.

RE: LR7: Last logon date not updated in LDAP (MS AD) after login in Liferay

Junior Member Postagens: 82 Data de Entrada: 07/09/12 Postagens Recentes
Hi Samuel,

Thx for the confirmation, i'll guess i'll dive into this then emoticon

Is it possible for you to also to give a reaction on this post of me: WEBDAV problem

This problem is giving us quite a headache and is a potential reason for the busines to stop using liferay.

If someone from the Liferay staff can confirm the problem i can then crate a ticket for it, hoping it gets solved in the next CE release of Liferay...

Regards,

Kim
thumbnail
Christoph Rabel, modificado 7 Anos atrás.

RE: LR7: Last logon date not updated in LDAP (MS AD) after login in Liferay

Liferay Legend Postagens: 1554 Data de Entrada: 24/09/09 Postagens Recentes
Liferay can't "fix" this at all. LastLogon attributes are set by the system. You just CAN'T edit it them the outside.

I think you misunderstand what these attributes do and believe that because the are called "last logon date"-something they actually show the last logon date of the user.

Please see here and follow the links to the description of the various attributes:
https://social.technet.microsoft.com/Forums/office/en-US/1ae08081-dcfe-44cd-bc3b-f5ac26d53f76/difference-between-lastlogon-and-lastlogontimestamp?forum=winserverDS
Note: Read the remarks for the attributes.
Kim Zeevaarders, modificado 7 Anos atrás.

RE: LR7: Last logon date not updated in LDAP (MS AD) after login in Liferay

Junior Member Postagens: 82 Data de Entrada: 07/09/12 Postagens Recentes
Hi Cristoph,

I think you misunderstand what these attributes do and believe that because the are called "last logon date"-something they actually show the last logon date of the user.


I don't quite understand what you are saying. In our current situation, if an employee logs in to his windows machine (effectivly logging into the domain), the last logon date attribute IS updated in the AD. Therefore it is a valueable attribute in determining if a user is "active".

Because this is not the case when logging into liferay, we accidentely deleted a lot of users from our AD since they were marked as inactive because they never logged into the domain. However, they WERE using Liferay on a regular basis.

I'm only looking for a way to force the AD to update this (or any custom) attribute when authenticating from within Liferay. If it's not possbile to fix from Liferay, do you know perhaps how we could trigger such an update on the AD side?

Possibly we could add a custom attribute to the Person record in the AD (last-lferay-login perhaps) and update this value from within Liferay after a succesfull liferay login.

Hope to hear from you.

Regards,

Kim
thumbnail
Samuel Kong, modificado 7 Anos atrás.

RE: LR7: Last logon date not updated in LDAP (MS AD) after login in Liferay

Liferay Legend Postagens: 1902 Data de Entrada: 10/03/08 Postagens Recentes
Hi Kim

When a user signs in on Liferay Portal, the user is not really signing into AD. The Portal makes uses of the AD's LDAP feature to check the user's password. So most likely, the user has never logon according to AD.

If you're unable to update the AD's LastLogon attribute as Christoph mentioned (I'm not an expert in AD), then you'll need to come up with an alternative such as the last-liferay-login attribute solution you mentioned.
Chanki Choudhary, modificado 7 Anos atrás.

RE: LR7: Last logon date not updated in LDAP (MS AD) after login in Liferay

New Member Postagens: 3 Data de Entrada: 22/03/17 Postagens Recentes
Hi Kim,

I am also facing same issue, last logon is not getting updated in AD resulting in deletion of lots of users assuming they are inactive. Please let me know in case you find any solution.

Regards
Chanki Choudhary