[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP, MS AD and SASLauthd

To: OSHIM <mhoshim@gmail.com>
Subject: Re: OpenLDAP, MS AD and SASLauthd
From: Jonathan Clarke <jonathan@phillipoux.net>
Date: Fri, 23 Jul 2010 11:50:19 +0200
Cc: openldap-technical@openldap.org
In-reply-to: <73A2CA6D-884E-4AF8-97F9-E7C8C07067B3@gmail.com>
References: <73A2CA6D-884E-4AF8-97F9-E7C8C07067B3@gmail.com>
User-agent: Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.9.1.11) Gecko/20100711 Lightning/1.0b1 Thunderbird/3.0.6

On 23/07/2010 10:36, OSHIM wrote:

hi all,
i configured two systems for OpenLDAP authentication with MS AD, I have used SASLauthd between them. one is on debian and another one is on centos.
But I am getting a strange problem. If I change my user password on MS AD then OpenLDAP on debian can authenticate the old passwd and the new passwd, after 1 hr the old passwd does npt get valid.
and on centos Openldap can recognize the new passwd of MS AD if I change the user passwd twice at a time then the old passwd does not get valid.

Anyone have got this problem? Any solution? Please help.

While this is really not related to OpenLDAP, I can tell you that thisis a "feature" in Active Directory - it keeps the old password valid forone hour (by default, it's configurable).

This, and other weirdness, is described at:http://lsc-project.org/wiki/documentation/1.2/howtos/activedirectory#pitfalls


Jonathan
--
--------------------------------------------------------------
Jonathan Clarke - jonathan@phillipoux.net
--------------------------------------------------------------
Ldap Synchronization Connector (LSC) - http://lsc-project.org
--------------------------------------------------------------

References:
- OpenLDAP, MS AD and SASLauthd
  - From: OSHIM <mhoshim@gmail.com>

Prev by Date: OpenLDAP, MS AD and SASLauthd
Next by Date: Global shadowMax and shadowMin
Index(es):
- Chronological
- Thread