[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP, MS AD and SASLauthd



On 23/07/2010 10:36, OSHIM wrote:
hi all,
i configured two systems for OpenLDAP authentication with MS AD, I have used SASLauthd between them. one is on debian and another one is on centos.
But I am getting a strange problem. If I change my user password on MS AD then OpenLDAP on debian can authenticate the old passwd and the new passwd, after 1 hr the old passwd does npt get valid.
and on centos Openldap can recognize the new passwd of MS AD if I change the user passwd twice at a time then the old passwd does not get valid.

Anyone have got this problem? Any solution? Please help.

While this is really not related to OpenLDAP, I can tell you that this is a "feature" in Active Directory - it keeps the old password valid for one hour (by default, it's configurable).

This, and other weirdness, is described at: http://lsc-project.org/wiki/documentation/1.2/howtos/activedirectory#pitfalls

Jonathan
--
--------------------------------------------------------------
Jonathan Clarke - jonathan@phillipoux.net
--------------------------------------------------------------
Ldap Synchronization Connector (LSC) - http://lsc-project.org
--------------------------------------------------------------