Remember last time user logged on

bstewart · November 13, 2018, 10:30pm

I am wondering about having XWiki remember the last time a user logged on - a “last logon time” attribute.

This can be retrieved in Active Directory by syncing the lastLogonTimestamp attribute, but that value is a large-integer (number of 100-nanosecond intervals since Jan 1 1601 UTC). This can be converted to a local datetime in in PowerShell by saying [DateTime]::FromFileTime(value), but I don’t see a way to convert this directly in XWiki. (Perhaps there’s a way using Custom Display with the retrieved value?)

It seems it would be quite useful to know the last logon times of users - particularly in cases where there is a requirement (internal site) to automatically disable/remove old users.

Thoughts?

Bill

tmortagne · November 14, 2018, 8:33am

In theory this kind of data would be stored in a Date field in XWiki. Now the problem is that the LDAP authenticator will have no idea how to convert the custom big integer on AD side to a Date without some help.

bstewart · November 14, 2018, 3:05pm

@tmortagne You are correct - this would be of use only for people using LDAP with Active Directory (not generic), and would not be of use for people not using AD.

For these reasons, it would seem that it makes sense for XWiki to record logon times itself (rather than relying on external source).

This would open the possibility of querying for old accounts (and disable or remove?) even if not using LDAP.

What do you think?

tmortagne · November 15, 2018, 9:32am

It’s definitely a feature that would make sense yes. Now it depends if you want the last time the user logged in XWiki or the last time the user logged in in LDAP (in case several applications using this LDAP server).

On the other hand we do need to improve the design of the user sync feature to allow custom converters. We already have one in practice for the image but it’s quite hardcoded right now which is not very nice.

bstewart · November 15, 2018, 3:11pm

It’s definitely a feature that would make sense yes. Now it depends if you want the last time the user logged in XWiki or the last time the user logged in in LDAP (in case several applications using this LDAP server).

It would be good to provide the option of using either.

On the other hand we do need to improve the design of the user sync feature to allow custom converters. We already have one in practice for the image but it’s quite hardcoded right now which is not very nice.

Sounds good! I would suggest the AD large integer timestamp (100-nanosecond intervals since 1 Jan 1601 UTC) would be a good use case and common.

Thanks!

tmortagne · November 15, 2018, 4:21pm

The best is to create an issue on https://jira.xwiki.org/browse/LDAP so that we don’t forget about it. That being said I can’t promise that anyone will work on it any time soon.

bstewart · November 27, 2018, 4:28am

Issue is logged:

https://jira.xwiki.org/browse/XWIKI-15890

tmortagne · November 27, 2018, 5:13pm

Thanks.