LDAP Java client - Old password being cached

Jaikiran Pai

We have an application which is trying to do LDAP authentication. We are using Active Directory for the same. The code is pretty simple and works fine:
The user is able to log in successfully with the correct password. However, if the user's password is changed on the LDAP server, the above code is still able to log in the user with the old password as well as the new password. It looks like some caching is coming into the picture. Initially, I thought that this behaviour had something to do with the com.sun.jndi.ldap.connect.pool value being set to true in the code, but this tutorial mentions that the connection pool is per JVM, so I am not sure how caching would be done across JVMs. All the same, we even tried setting that value to false, but the results are the same. The user is able to log in with the old password as well as the new password. Any idea as to what setting has to be used to prevent this behaviour?

P.S.: I am not sure whether this is the right forum to post this question, but I couldn't find a more appropriate one. If the moderators think there's a better forum where this could be answered, please move it there.


Jaikiran Pai

After much googling, found these 2 links which mention that this issue relates to Active Directory being installed on Windows Server 2003 SP1 or higher versions:

Section "Password change issue with Active Directory on Windows 2003" at:
Issue with password change in Active Directory

Article at Microsoft Support

Apparently, the registry has to be changed to change the old password timeout value. Haven't been able to find a programmatic way of doing this.