Users unexpectedly disabled by last activity date dxPwdLoginTime

book

Article ID: 141986

calendar_today

Updated On:

Products

CA Identity Manager CA Identity Governance CA Identity Portal CA Identity Suite

Issue/Introduction

 

A custom bulk task for disabling users by last login date unexpectedly disables too many users. We found out that, dxPwdLoginTime stamp is showing last years date for these users even though these users had logged into the system as recently as a few days ago,

We need to understand how the value is being stored as 2018 even though users had logged in last week as well.

 

Resolution

By default in vAPP, the well-known attribute %LAST_LOGIN_DATE%, which is mapped to the physical attribute imLastLoginDate, is the one that tracks login date.

The IDM application does not use dxPwdLoginTime unless you've customized CA Directory with a password policy or you somehow use dxPwdLoginTime in your customized Disable Inactive User task.

Normally, if you are tracking last logins you should be looking at imLastLoginDate and using it in any custom tasks.