Win a copy of Escape Velocity: Better Metrics for Agile Teams this week in the Agile and Other Processes forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Liutauras Vilda
  • Tim Cooke
  • Paul Clapham
  • Jeanne Boyarsky
Sheriffs:
  • Ron McLeod
  • Frank Carver
  • Junilu Lacar
Saloon Keepers:
  • Stephan van Hulst
  • Tim Moores
  • Tim Holloway
  • Al Hobbs
  • Carey Brown
Bartenders:
  • Piet Souris
  • Frits Walraven
  • fred rosenberger

LDAP Java client - Old password being cached

 
Sheriff
Posts: 10445
227
IntelliJ IDE Ubuntu
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
We have an application which is trying to do LDAP authentication. We are using Active Directory for the same. The code is pretty simple and works fine:
User is able to login successfully with the correct password. However if the user's password is changed on the LDAP server, the above code is still able to login the user with the old password as well as the new password. Looks like some caching is coming into picture. Initially, i thought that this behaviour has something to do with the com.sun.jndi.ldap.connect.pool value being set to true in the code, but this tutorial mentions that the connection pool is per JVM, so i am not sure how caching would be done across JVMs. All the same we even tried setting that value to false, but the results are the same. The user is able to login with the old password as well as the new password. Any idea as to what setting has to used to prevent this behaviour.

P.S: I am not sure whether this is the right forum to post this question but couldnt find a more appropriate one. If the moderators think there's a better forum where this could be answered, please move it there.
 
Jaikiran Pai
Sheriff
Posts: 10445
227
IntelliJ IDE Ubuntu
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
After much googling, found these 2 links which mention that this issue relates to Active Directory being installed on Windows Server 2003 SP1 or higher versions:

Section "Password change issue with Active Directory on Windows 2003" at:
Issue with password change in Active Directory

Article at Microsoft Support

Apparently, the registry has to be changed to change the old password timeout value. Havent been able to find a programatic way of doing this.
 
Evil is afoot. But this tiny ad is just an ad:
Garden Master Course kickstarter
https://coderanch.com/t/754577/Garden-Master-kickstarter
reply
    Bookmark Topic Watch Topic
  • New Topic