
Active Directory caching



Hi All,

I'm looking for some references/answers as to how OpenLDAP and Active
Directory work with regards to caching.

The scenario I'm seeing is this:

I have Apache on a RHEL5 machine authenticating users via LDAP. It's set
to cache for 600s, so I don't overload the server unnecessarily.

What I'm seeing though, is that something somewhere is caching old
passwords. I can change the user's password several times, and LDAP will
authenticate using any of the passwords previously used. I've tried
some timing tests of my own, and it seems that it takes up to 50 mins for
my first password change to take effect (an odd time to me).

So I'm trying to figure out who's caching the other passwords, is it
LDAP, or is it AD? And if so where are the settings to look at? And
what timers are involved? I actually don't mind the idea of caching
older passwords, but only so long as I know how long it will be for, and
what mechanism is doing it, then I can change it if need be.

I'm setting these directives (taken straight from the Apache examples).

LDAPSharedCacheSize 200000
LDAPCacheEntries 1024
LDAPCacheTTL 600
LDAPOpCacheEntries 1024
LDAPOpCacheTTL 600

My setup's quite simple. I've one Domain Controller. No proxies involved.

I've read what I can online, and am getting stuck.

Thanks,

Adrian