Hi all, I configured two systems for OpenLDAP authentication with MS AD; I have used SASLauthd between them. One is on Debian and the other is on CentOS. But I am getting a strange problem. If I change my user password on MS AD, then OpenLDAP on Debian can authenticate both the old passwd and the new passwd; after 1 hr the old passwd is no longer valid. And on CentOS, OpenLDAP can recognize the new passwd of MS AD; if I change the user passwd twice at a time, then the old passwd is no longer valid.
Has anyone had this problem? Any solution? Please help.
Thanks,
Oshim
On 23/07/2010 10:36, OSHIM wrote:
> Hi all, I configured two systems for OpenLDAP authentication with MS AD; I have used SASLauthd between them. One is on Debian and the other is on CentOS. But I am getting a strange problem. If I change my user password on MS AD, then OpenLDAP on Debian can authenticate both the old passwd and the new passwd; after 1 hr the old passwd is no longer valid. And on CentOS, OpenLDAP can recognize the new passwd of MS AD; if I change the user passwd twice at a time, then the old passwd is no longer valid.
> Has anyone had this problem? Any solution? Please help.
While this is really not related to OpenLDAP, I can tell you that this is a "feature" in Active Directory - it keeps the old password valid for one hour (by default, it's configurable).
This, and other weirdness, is described at: http://lsc-project.org/wiki/documentation/1.2/howtos/activedirectory#pitfall...
Jonathan
openldap-technical@openldap.org