We have an application which is trying to do LDAP authentication. We are using Active Directory for the same. The code is pretty simple and works fine: User is able to login successfully with the correct password. However if the user's password is changed on the LDAP server, the above code is still able to login the user with the old password as well as the new password. Looks like some caching is coming into picture. Initially, i thought that this behaviour has something to do with the com.sun.jndi.ldap.connect.pool value being set to true in the code, but this tutorial mentions that the connection pool is per JVM, so i am not sure how caching would be done across JVMs. All the same we even tried setting that value to false, but the results are the same. The user is able to login with the old password as well as the new password. Any idea as to what setting has to used to prevent this behaviour.
P.S: I am not sure whether this is the right forum to post this question but couldnt find a more appropriate one. If the moderators think there's a better forum where this could be answered, please move it there.