Hi All,
I'm looking for some references/answers as to how OpenLDAP and Active Directory work with regards to caching.
The scenario I'm seeing is this:
I have Apache on a RHEL5 machine authenticating users via LDAP. Its set to cache for 600s, so I dont overload the server unnecessarily.
What I'm seeing though, is that something somewhere is caching old passwords. I can change the users password several times, and LDAP will authenticate using any of the passwords previously used. I've tried some timing tests of my own, and it seems that it takes up to 50mins for me first password change to take effect (an odd time to me).
So I'm trying to figure out whos caching the other passwords, is it LDAP, or is it AD ? And if so where are the settings to look at? And what timers are involved? I actually don't mind the idea of caching older passwords, but only so long as I know how long it will be for, and what mechanism is doing it, then I can change it if need be.
I'm setting these directives (taken straight from the Apache examples).
LDAPSharedCacheSize 200000 LDAPCacheEntries 1024 LDAPCacheTTL 600 LDAPOpCacheEntries 1024 LDAPOpCacheTTL 600
My setups quite simple. Ive one Domain Controller. No proxies involved.
I've read what I can online, and am getting stuck.
Thanks,
Adrian